$46.7 Million Stolen from Tech Firm
Ubiquiti Networks, Inc. disclosed to the SEC in a quarterly financial report that they had discovered they had been a victim of a cybercrime costing $46.7 million.
Ubiquiti, which makes networking tech, fell victim to CEO fraud. You can read about that in detail here, but the short of it is that spoofed emails are sent to employees that appear to come from higher-ups. These emails contain financial instructions, so the employee then unwittingly sends money to a fraudulent company, which makes its way to cybercriminals.
In this case in particular, Ubiquiti reported "This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties. As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred.”
So it could have been worse. They could have been out $54.8 million instead of just $47.6 million. Another $6.8 million is subject to an injunction and is expected to be recovered as well, so really they've only lost about $40 million.
The company is working with the FBI and has begun implementing new strategies to try to avoid problems like this in the future. The most effective way to combat CEO fraud, however, is to use a phone to confirm large monetary purchases or transfers.
CEO fraud has been very costly for businesses. Commodities trader The Scoular Company was ripped off to the tune of $17.2 million in February.