The Email That Wasn’t

The Email That Wasn’t: How a Simple Scam Cost £100,000

It looked routine: the logo was perfect, the tone familiar, and the request urgent but reasonable.

“Please process this payment today.”

The finance team acted quickly. After all, it came from the boss.

Except it didn’t.

By the time anyone realised, £100,000 had vanished. No malware. No system breach. Just a clever impersonation.

And the worst part? It could have been stopped with simple measures: DMARC/DKIM and DCIM.

DMARC & DKIM: Your Email Gatekeepers

Email remains the number one attack vector for fraud. Criminals exploit trust by impersonating your domain.

Here’s how to stop them:

SPF – Confirms emails come from approved servers.
DKIM – Adds a cryptographic signature to prove authenticity.
DMARC – Enforces the rules and reports suspicious activity.

Think of your domain as your company’s front door. Without DMARC and DKIM, anyone can walk in wearing your uniform. With them, you’ve got a guard checking IDs and signatures.

Together, they block impersonation attacks like invoice fraud and CEO scams.

DCIM: The Engine Room Monitor

While DMARC and DKIM protect your email identity, DCIM (Data Centre Infrastructure Management) safeguards the backbone of your IT—servers, power, cooling, and networks.

Imagine your data centre as a ship’s engine room. DCIM is the dashboard that spots problems early, prevents downtime, and keeps costs under control.

Visibility – Real-time monitoring of critical systems.
Efficiency – Optimises power and cooling to reduce waste.
Resilience – Detects issues before they become outages.

Why It Matters

Reputation – One phishing attack can destroy trust.
Financial Security – Stops fake payment requests.
Compliance – DMARC for email standards; DCIM for operational audits.

Don’t “Set and Forget”

Cyber security and infrastructure management aren’t static. Misconfigured DMARC or ignored DCIM leaves you exposed. Regular reviews are essential.

Your Next Step

Is your domain protected with DMARC and DKIM?
Can you see what’s happening in your IT infrastructure?
Are you confident about compliance?

Get peace of mind with a free domain check from Lugo. No strings attached.

Cookie	Duration	Description
__RequestVerificationToken	session	This cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_24228616_3	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 5 months	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.

Cookie	Duration	Description
AADNonce.forms	session	No description available.
DcLcid	3 months	No description available.
FormsWebSessionId	1 month	No description
undefined	never	No description available.
usenewauthrollout	1 month	No description