Tech Firm Ubiquiti Suffers $46M Cyberheist
An anonymous reader writes: Brian Krebs reports that Ubiquiti Networks, known for their wireless networking hardware, has lost $46.7 million to a scam in which thieves were able to impersonate employees and initiate fraudulent wire transfers. Ubiquiti was able to recover only $8.1 million of the amounts transferred, and an additional $6.8 million is subject to legal injunction. Krebs explains, "Known variously as 'CEO fraud,' and the 'business email compromise,' the swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. ... CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name." The theft was disclosed in Ubiquiti's quarterly financial report.
Or, companies should institute a policy of calling the business with whom they're conducting business through a known-reliable means (like a telephone call) to speak with company officials that they're actually acquainted with, and to contact the financial institutions with whom they're coordinating such funds transfers, to confirm that all of the Is are dotted and Ts are crossed...
There's a reason why they say that if you need to contact your bank, you should call the telephone number on the back of the card, and reject any attempts by an entity claiming to be your bank that contacts you out of the blue, unless that caller literally asks you to contact the bank via the contact information that you already have on file.
Scams like this require the mark to be complacent. With this level of finances that's completely inexcusable.