Company manages to recover some of the money

Aug 10, 2015 07:07 GMT

Ubiquiti Networks Inc., an American company that manufactures wireless products, has reported a cyberheist of $46.7 million / €42.6 million in its latest financial report.

According to its 2015 Q2 report, the fraud took place on June 5 this year, and it "involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department."

No details are given on the nature of the "impersonation," but this sounds like the CEO scam scheme, also known as CEO fraud, in which a criminal spoofs communications between two companies or between two departments inside a company.

Some of the funds were recovered

In Ubiquiti's case, the scam resulted in transfers of $46.7 million / €42.6 million from one of its Hong Kong subsidiaries to bank accounts held overseas.

As soon as the fraud was detected, legal authorities were informed and the company managed to recover $8.1 million / €7.4 million, while also placing another $6.8 million / €6.2 million under a legal injunction.

For the rest of the sum, Ubiquiti is "cooperating with U.S. federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation."

There was no data breach, no other data was lost

The company has also revealed that no breach of its internal systems took place. This indirectly leads us to believe that the attacker did not hack any of the company's email accounts, but seems to have registered a domain name that closely resembles Ubiquiti's and used it to send emails to the finance department.
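A defender-side check for the kind of lookalike sender domain suspected above, as an added example that is not from this article or from Ubiquiti: it classifies a From address against a protected mail domain. The domain `example-corp.com`, the sample addresses and all function names are constructed assumptions.

```python
import unicodedata

# Constructed placeholder; substitute the organisation's own mail domain.
PROTECTED = "example-corp.com"
# Digit-for-letter swaps folded before comparison (illustrative, not exhaustive).
CONFUSABLES = str.maketrans("0135", "oles")

def skeleton(domain):
    """Lower-case, NFKC-normalise and fold common visual substitutions."""
    d = unicodedata.normalize("NFKC", domain).lower().strip().rstrip(".")
    return d.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def name_part(domain):
    """Everything left of the final dot (assumes a single-label TLD)."""
    return domain.rsplit(".", 1)[0]

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender, protected=PROTECTED, max_distance=2):
    """Return 'internal', 'lookalike' or 'external' for a From address."""
    domain = sender.rsplit("@", 1)[-1].lower().strip().rstrip(".")
    if domain == protected or domain.endswith("." + protected):
        return "internal"
    ours, theirs = name_part(skeleton(protected)), name_part(skeleton(domain))
    # Protected name embedded in a longer one, or within a few edits of it.
    if ours in theirs or osa_distance(ours, theirs) <= max_distance:
        return "lookalike"
    return "external"

# Constructed sample senders, as a mail gateway might see them.
SAMPLES = ["cfo@example-corp.com", "cfo@examp1e-corp.com",
           "cfo@exmaple-corp.com", "ap@example-corp-payments.test",
           "billing@partner-bank.test"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

A "lookalike" verdict is a reason to quarantine or banner the message for review, not proof of fraud. Short domain names need a lower `max_distance` to avoid false positives.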

Apparently, the company did not use a secondary system for validating financial transactions. That allowed the scammer to easily get hold of the funds as soon as the person in charge of the bank transfers decided to wire the money without verifying the transaction with a phone call to one of their bosses, as "common sense" dictates.

In 2014 alone, scammers stole around $215 million / €196 million from American businesses using similar tactics, as Brian Krebs reports.