Fraudsters duped this company into handing over $40 million
Cybercrime isn’t just about fancy hacks and killer exploits. An increasingly common and lucrative scam to which businesses are falling victim involves just a bit of phishing and social engineering. It’s called “CEO fraud,” or “business email compromise.”
The con works like this: A swindler fakes emails from senior managers at the target company and requests (fraudulent) wire transfers. If they’re lucky, the recipient will approve an otherwise unauthorized transaction. And—kashhing—that’s cash in the thieves’ banks.
Ubiquiti Networks is one of the latest companies to admit it’s had the multimillion dollar wool pulled over its eyes. The San Jose, Calif.-based networking equipment company disclosed it lost $46.7 million through such a scam in its fourth quarter financial filing.
“On June 5, 2015, the Company determined that it had been the victim of a criminal fraud,” the company writes in its 8-k form. “The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.”
Ubiquiti says it has so far managed to recover $8.1 million of the lost funds, and it expects to regain control of another $6.8 million. The rest? Uncertain.
“The Company may not be successful in obtaining any insurance coverage for this loss,” the firm notes before providing some reassurance that the incident was a fluke. “The Company currently believes this is an isolated event and does not believe its technology systems have been compromised or that Company data has been exposed.”
Events like these are far from isolated. At the beginning of the year, the Federal Bureau of Investigation warned that such attacks are on the rise. Victims in the U.S. and abroad numbered 2,126 between Oct. 2013 and Dec. 2014, losing a combined $215 million, according to the Bureau’s analysis of data from its Internet Crime Complaint Center.
As a preventative measure, the FBI recommends that businesses implement two-factor authentication for email as well as phone verification for substantial wire transfers. And employees should always be on guard for suspicious emails—even if that means occasionally bucking your boss’ request.