According to cybersecurity expert Brian Krebs, tech firm Ubiquiti Networks Inc., fell victim to a social engineering hack which saw hackers spoof executive emails to initiate wire transfers worth $46.7 million.
According to a quarterly financial report filed with the U.S. Securities and Exchange Commission (SEC), the San Jose based company reported that the company became aware of the incident which “involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department,” on June 5, 2015.
According to a Ubiquiti statement, “this fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties. As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred.”
This form of fraud is commonly referred to as “CEO fraud,” or “business email compromise,” and they are becoming more advanced and common, said Krebs. According to Krebs on Security, “in January 2015, the FBI warned that cyber thieves stole nearly $215 million from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees.”