Protect Your Domain.
Stop Email Fraud.
DMARC Cloud makes it easy to secure your email domain against phishing, spoofing, and spam. Get full visibility into who’s sending on your behalf and take control of your email security with automated DMARC monitoring.
The Real Cost of Unsecured Email
Without email authentication, there's no way to verify an email wasn't intercepted and modified in transit.
A Lithuanian scammer registered a company with the same name as a real hardware vendor — then sent spoofed invoices to both tech giants for two years. With no DKIM signatures or DMARC policy on the vendor's domain, the finance teams had no way to tell the emails were fake.
Between 2013 and 2015, Evaldas Rimasauskas registered a company in Latvia with the same name as Quanta Computer — a real hardware vendor that both Facebook and Google regularly did business with.
He sent invoices from a lookalike domain to finance teams at both companies — same formatting, same contact names, complete with forged contracts and corporate stamps. Quanta Computer had no DKIM signatures on their outgoing email and no DMARC policy published. So when these fraudulent emails arrived, there was no authentication mechanism to flag them as fakes.
Over two years, both companies wired a combined $121 million to fraudulent bank accounts in Latvia and Cyprus. Rimasauskas was caught and sentenced to five years, but much of the money was never recovered.
Attackers compromised an internal email account, set up forwarding rules, and intercepted legitimate wire transfer requests. They modified the bank details and forwarded the altered emails to the finance team. With no DKIM signing, the modified emails were indistinguishable from originals.
In mid-2015, attackers compromised an email account at Ubiquiti Networks and studied internal communication patterns — who emailed whom, what approvals looked like, and how wire transfers were requested.
They set up email forwarding rules on the compromised account. When legitimate transfer requests came through, the attackers intercepted them, modified the bank account details, and forwarded the altered emails to the finance team in Ubiquiti's Hong Kong subsidiary.
Because Ubiquiti's email had no DKIM signing and no DMARC enforcement, the modified emails were indistinguishable from originals. There was no digital signature to break — the emails just looked normal.
$46.7 million was wired to overseas accounts. Ubiquiti clawed back $14.9 million, but $31.8 million was gone — moved through international accounts beyond recovery.
Attackers compromised a supplier's email, monitored traffic for weeks, then intercepted an outgoing invoice. They swapped the bank details, added "We've recently changed banks," and forwarded it to the customer. No DKIM meant no way to detect the modification.
This pattern hits Australian businesses with alarming regularity. Attackers compromise a supplier's email — often through phishing or a weak password — then sit quietly, monitoring email traffic for weeks.
When a large invoice is about to be sent, they strike. The attacker intercepts the outgoing email, changes the bank account details, adds a polite note — "We've recently changed banks" — and forwards it to the real customer. The original is deleted from the supplier's sent folder.
A mid-size construction firm received exactly this from their concrete supplier. Same formatting, same contact names, same project references. The supplier had no DKIM signing, so there was no digital signature on their emails to begin with — the modified email looked identical to every other email they'd ever sent.
The accounts team paid $850,000. Two weeks later, the real supplier called chasing an overdue payment. The money had been moved through multiple accounts and was completely unrecoverable.
Attackers compromised a supplier's email account and monitored payment communications with Toyota's European subsidiary. When a large payment was due, they intercepted the email, changed the bank details, and forwarded it. No DKIM meant the altered email passed every check.
In August 2019, Toyota Boshoku Corporation — a major Toyota Group subsidiary that manufactures car parts — fell victim to a textbook man-in-the-middle email attack.
Attackers had compromised the email account of one of the company's European suppliers. They sat in the inbox quietly, reading email threads and learning how payment instructions flowed between the two companies.
When a significant payment was being arranged, the attackers intercepted the supplier's email containing bank transfer instructions. They modified the bank account details to point to their own account and forwarded the altered email to Toyota Boshoku's finance team in Europe.
The email looked completely legitimate — it came from within an existing conversation thread, referenced real orders, and matched the formatting of every previous email from that supplier. Because the supplier had no DKIM signing, there was no cryptographic signature to verify the email hadn't been tampered with. The finance team wired $37 million (4 billion yen) to the fraudulent account.
Toyota Boshoku disclosed the loss and launched a recovery effort, but the damage to one of the world's largest automotive suppliers was already done.
Attackers compromised an employee's email at the global charity, then used it to send fake invoices and payment requests referencing real projects. With no DKIM on outgoing emails, the finance team had no way to know the requests had been crafted by an imposter sitting inside their own mail system.
Save the Children, one of the world's largest humanitarian organisations, discovered in 2018 that attackers had compromised an employee's email account and used it to submit fraudulent invoices and payment requests.
The attackers studied real projects and vendor relationships from inside the compromised mailbox. They then created fake invoices referencing real initiatives — solar panels for health centres in Pakistan — and submitted them through internal channels as if they were legitimate vendor payments.
The emails came from a real employee's account, referenced real projects, and followed the organisation's standard payment request format. Without DKIM authentication on internal and outgoing emails, there was no mechanism to verify the integrity of the messages — anyone with mailbox access could send emails that looked identical to legitimate ones.
By the time the fraud was detected, $1 million had been wired to a fraudulent entity in Japan. The charity's insurance covered the loss, but the reputational damage to an organisation that depends on donor trust was significant.
A scammer impersonated the hospital's CFO via email, instructing accounts payable to update a vendor's bank details for an upcoming payment. The spoofed email had no DKIM signature to verify — so it looked just like any other email from the CFO.
Children's Healthcare of Atlanta, one of the largest paediatric healthcare systems in the US, was targeted by an attacker who had done their homework. The scammer knew the CFO's name, email style, and the names of staff in accounts payable.
They sent an email that appeared to come from the CFO, instructing the accounts payable team to update the bank account details for an existing vendor ahead of a scheduled payment. The email was professional, used the right internal language, and referenced a real vendor relationship.
Because the hospital's email domain lacked DKIM signing and DMARC enforcement, the spoofed email from the fake CFO address passed through without any authentication flags. The accounts payable team updated the vendor's banking information and processed the next payment — $3.6 million — to the attacker's account.
The fraud was only discovered when the real vendor enquired about their missing payment.
During a church building project, attackers compromised the contractor's email and intercepted payment communications. They changed one letter in the email address, swapped the bank details on a progress payment, and forwarded it to the church. Without DKIM, the altered email was undetectable.
Saint Ambrose Catholic Parish in Brunswick, Ohio was in the middle of a major building renovation when attackers struck. The scammers compromised the email of the church's construction contractor and spent weeks monitoring the payment schedule.
When a $1.75 million progress payment was due, the attackers intercepted the contractor's invoice email. They changed the bank account details, set up a lookalike email address (one letter different from the contractor's real address), and forwarded the modified invoice to the church's finance team.
The email referenced the correct project, the right payment amount, and matched previous correspondence. The contractor's email had no DKIM signing — so there was no digital fingerprint to reveal that the email had been tampered with or sent from a different source.
The church wired $1.75 million to the fraudulent account. The real contractor called weeks later asking about the overdue payment. The money was gone — laundered through multiple accounts within days of the transfer.
An international gang compromised a law firm's email and impersonated lawyers handling a property deal. They intercepted settlement instructions, changed the bank details, and sent them to the developer's finance team. No DKIM on the law firm's domain meant the emails looked perfectly authentic.
Between 2021 and 2022, French property developer Sefri-Cime was targeted by an international fraud gang using a sophisticated email interception scheme.
The attackers compromised the email system of a law firm involved in a major property transaction with Sefri-Cime. They monitored the email thread between the lawyers and the developer's finance team, learning the transaction details, timelines, and payment amounts.
When the time came for a large settlement payment, the attackers intercepted the law firm's email containing wire instructions. They replaced the bank account details with their own, added a note about "updated banking arrangements," and forwarded the modified email to Sefri-Cime.
The law firm's email domain had no DKIM signatures and no DMARC policy. The altered email was cryptographically identical to an unaltered one — because neither had any cryptographic verification to begin with. Sefri-Cime's finance team wired €38 million to the fraudulent account.
The fraud was eventually uncovered, but the funds had already been dispersed through a network of international accounts. French authorities arrested several members of the gang, but the full amount was not recovered.
These aren't edge cases. The FBI reports over $2.9 billion lost to business email fraud in 2023 alone. The common thread? No email authentication. DKIM signs your emails. DMARC tells the world to reject fakes.
Check Your Domain Now →Why Choose DMARC Cloud?
Prevent Email Fraud
Protect your customers, partners, and brand from email spoofing.
Gain Visibility
See who is sending emails using your domain.
Boost Deliverability
Improve inbox placement by building trust with ISPs.
Easy to Use
Simple dashboard, real-time insights, and automated reporting.
How It Works
- Check Your Domain — Use our free Domain Checker to see where you stand right now.
- Generate Your DMARC Record — Our DMARC Record Generator creates the perfect record for your domain in seconds.
- Publish & Monitor — Add the record to your DNS and start receiving reports. We’ll show you exactly who’s sending email as your domain.
Start Securing Your Domain Today
Take control of your email reputation. With DMARC Cloud, you’ll know exactly who’s sending emails on your behalf — and stop anyone who shouldn’t be. Start with our free DMARC Record Generator or check your current setup with our Domain Checker.