Ubiquiti, a maker of networking technology for service providers and enterprises, has been the victim of “CEO fraud” that enabled hackers to steal $46.7 million from the company’s accounts.
The San Jose company last week disclosed in a Securities and Exchange Commission filing that the incident, discovered in June, involved employee impersonation and fraudulent requests from an outside entity targeting Ubiquiti’s finance department. The scheme resulted in transfers of funds totaling $46.7 million held by a Hong Kong subsidiary to other overseas accounts held by third parties. Ubiquiti has been able to recover $8.1 million of the amounts transferred, and expects to recover another $6.8 million that are currently subject to legal injunction.
“The company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with U.S. federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation,” Ubiquiti said in the filing.
“While this matter will result in some additional near-term expenses, the company does not expect this incident to have a material impact on its business or its ability to fund the anticipated working capital, capital expenditures, and other liquidity requirements of its ongoing operations.
A CNN Money article Monday said that it’s “frighteningly easy to pull off such a theft.
“Many email systems allow people to spoof email addresses, posing as someone they’re not,” CNN Money wrote. “For example, a quick LinkedIn search can reveal who a company’s trusted finance department members are.”
Security blogger Brian Krebs wrote on his blog, Krebs On Security, that Ubiquiti was the victim of a swindle known variously as “CEO fraud” and the “business email compromise” — a sophisticated and increasingly common fraud targeting businesses working with foreign suppliers or businesses that regularly perform wire transfer payments.
Last year the FBI warned that cyber thieves stole nearly $215 million from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees.
Featured image: Thinkstock