An article relating to this blog post on Finextra:
Phisher dupes Condé Nast out of $8m
Condé Nast has been hooked by a spear phisher, who with just one e-mail managed to get the publishing giant to wire him $8 million.
See article
I recall some 25 years ago being told via e-mail to change the Bank Account that my employers Direct Debits would be credited to from a High Street branch of Lloyds to one in a small local village with a population of less than 1,000.
When I kicked up a stink requesting higher authority (we were talking about £700,000 a week even in those days) at first I got into trouble for quibbling, then later it dawned on the powers that be what my intransigence had prevented.
It seems crazy to me that anyone would accept a simple e-mail request as authorisation - I'd expect to see a formal memo on header notepaper, and with at least 2 signatures on it, and then I'd make a phone call to confirm.