Fraudsters Steal $46.7m From Ubiquiti Networks

Internet Crime Complaint Centre (IC3)  warn  the invoice scam, known as the BEC scam (business email compromise), conned companies out of $214m in 2013 alone.

US networking technology company Ubiquiti Networks has been swindled by fraudsters and has lost nearly $47 million.

According to the quarterly financial report the company filed last week with the US Securities and Exchange Commission, they discovered that they have became a victim of a criminal fraud on June 5, 2015.

"The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department. This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties," the report says.

Ubiquiti has been trying to recover the stolen money, and has so far managed to regain possession of $8.1 million, and believes it likely that they will recoup another $6.8 million. 

"The Company is continuing to pursue the recovery of the remaining $31.8 million and is cooperating with US federal and numerous overseas law enforcement authorities who are actively pursuing a multi-agency criminal investigation," they added.

The investigation by the Audit Committee of the company’s Board of Directors uncovered no evidence that the company's systems were breached or that corporate information was accessed. There's also no evidence that points to an employee being involved in the heist. 

While the company attempts to recover the stolen funds, they have also implemented "enhanced internal controls over financial reporting", and additional procedures and controls in order to prevent such a thing happening to them again. Naturally, they didn't publicly share what those procedures and controls are.

Brian Krebs thinks it likely that Ubiquity fell prey to the so-called Business E-mail Compromise (BEC) scam - a type of scam that FBI's Internet Crime Complaint Center (IC3) warned about earlier this year and that netted scammers nearly $215 million in 14 months.

The BEC scam can take several forms, but the result is the same: stolen funds.

Business can take steps to avoid becoming victims. First and foremost, they should start using 2-step verification for confirm significant transactions, but choose different environments for each step (e.g. one confirmation can be done via email, and the other via a phone call).

Other things that could help are not sharing company/employee data (such as job description) on the company's website, and being extra careful when there are sudden changes in business practices (e.g. a business contact switching from the company email to a personal one).

Net-Security

 

« When Your White Hat Is Really a Black Hat
Ad Block Software 'Costs Firms £14bn A Year' »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

HackerOne

HackerOne

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

Prewen

Prewen

Prewen provide solutions to protect sensitive data across the organisation.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

Computing Technology Industry Association (CompTIA)

Computing Technology Industry Association (CompTIA)

CompTIA is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

Unitrends

Unitrends

Unitrends helps IT pros do more with less by providing an all-in-one enterprise backup and continuity solution.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

VCG Group

VCG Group

VCG provides everything you need for the design, implementation and management of data centres, cyber-secure enterprise networks, cloud and connectivity services.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc

Hanwha Systems

Hanwha Systems

Hanwha Systems is a global company based in South Korea providing defense electronics and smart ICT solutions.

EpicCyber

EpicCyber

Since 2011, Epic Cyber has pioneered the integration of enterprise cloud technology.