American technology firm Ubiquiti Networks has revealed that it fell victim to a social engineering trick that saw crooks make off with $46.7 million.
In a Securities and Exchange Commission filing first picked up by security blogger Brian Krebs, the firm says that an “outside entity” impersonating an employee targeted its finance department.
August 10, 2015 (c) FinExtra http://www.finextra.com/
The crooks managed to get 46.7 million held$ by a company subsidiary incorporated in Hong Kong sent to various overseas accounts.
Although Ubiquiti has not explained exactly how it was conned, ‘CEO Fraud’ usually sees thieves ask for wire transfers through a company executive’s email account that has been accessed via phishing.
Ubiquiti says that it discovered the scam in June and has taken legal action that has seen it recover $8.1 million, while an additional $6.8 million is currently subject to legal injunction and “reasonably expected to be recovered” in due course.
An independent investigation “uncovered no evidence that our systems were penetrated or that any corporate information, including our financial and account information, was accessed”.
InCyber Comments:
The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: info@incyber.co We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.