Slashdot Mirror


Tech Firm Ubiquiti Suffers $46M Cyberheist

An anonymous reader writes: Brian Krebs reports that Ubiquiti Networks, known for their wireless networking hardware, has lost $46.7 million to a scam in which thieves were able to impersonate employees and initiate fraudulent wire transfers. Ubiquiti was able to recover only $8.1 million of the amounts transferred, and an additional $6.8 million is subject to legal injunction. Krebs explains, "Known variously as 'CEO fraud,' and the 'business email compromise,' the swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. ... CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name." The theft was disclosed in Ubiquiti's quarterly financial report.

2 of 54 comments

  1. Look no further by Rumagent · Score: 5, Informative

    Look no further than the sorry state of email today. This problem was fixed 25 years ago:

      https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Digital_signatures

    One is almost tempted to think that someone is trying to keep private communications open and accessible...

  2. Re:Companies should say"No clicking links from ema by ScentCone · Score: 3, Informative

    You're confused. Just because someone in IT journalism calls it the "CEO scam" doesn't mean it's the CEO who falls for the phishing scheme that compromises their email account. It could be someone in the A/P side of procurement, it could be someone in the CTO's office, or the company's comptroller. If you think those people aren't all highly motivated to be cautious, you've never worked with any of them. Especially not those who work for publicly traded (and highly scrutinized) companies. You're pointing out that the CEO doesn't handle financial transactions and then wondering how someone "that dumb" gets the job. Well which is it?

    --
    Don't disappoint your bird dog. Go to the range.