Ubiquiti Defrauded Of More Than 46$ million by scammers

[Rekx]

 

 

 

Ubiquiti Networks has been defrauded of more than US$46 million by scammers who spoofed its communications. The heist was revealed in an SEC Form 8-K filing. Apart from the financial information, details are scant. The San Jose company says: “The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department.

 

This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.” Ubiquiti says it's recovered $8.1 million of the heist and has launched legal action to chase a further $6.8 million, with the remaining $31.8 million subject to US and overseas law enforcement investigations.

 

 

Brian Krebs says the fraud is based on the scammers spoofing communications from the firm “in a bid to initiate unauthorized international wire transfers”. Rather than a breach of its IT systems, Krebs says, the modus operandi seems to be similar to other attacks: e-mails spoofing the address of an executive (such as a CEO) instruct employees to make the funds transfers.

 

 

Ubiquiti says its audit committee and outside advisers have, perhaps unsurprisingly, concluded that there are “material weaknesses” in its “internal control over financial reporting”. While it's unsure whether it has insurance coverage for the losses, the company also says “this matter will result in some additional near-term expenses,” but it “does not expect this incident to have a material impact on its business”. The SEC filing notes that Ubiquiti's chief accounting officer has resigned, with an interim replacement appointed. 

 

News Source: http://www.theregister.co.uk/2015/08/09/ubiquiti_stung_by_email_spoofing_fraud/

[dalekphalm]

 

 

 

 

 

 

 

 

 

News Source: http://www.theregister.co.uk/2015/08/09/ubiquiti_stung_by_email_spoofing_fraud/

 

This is not good.

 

Ubiquiti is one of the better network technology partners of recent years, helping to stir up the relatively stagnant market, especially in the "prosumer" segment.

 

At least they didn't get hacked though. It was plain old fashioned social engineering that got them.

[Kherm]

Bummer.

[Levent]

just by impersonating? holy shit.

[qwertywarrior]

 

e-mails spoofing the address of an executive (such as a CEO) instruct employees to make the funds transfers.

is this for real . it just takes a damn email from a CEO to send 46 mil

where i work there is a huge line of procedures to just even send anything over 10,000 with hand signed documents from the administration

[dalekphalm]

is this for real . it just takes a damn email from a CEO to send 46 mil

where i work there is a huge line of procedures to just even send anything over 10,000 with hand signed documents from the administration

We don't know the entire extent of the fraudulent activity.

 

The scammers could well have even impersonated signatures via fax or scanned email document.

 

Or they really need to add a few checks into their money transfer policies.

 

We will likely never know which was the case unless they admit the latter, or internal documents come out showing the former.

[Rekx]

We don't know the entire extent of the fraudulent activity.

 

The scammers could well have even impersonated signatures via fax or scanned email document.

 

Or they really need to add a few checks into their money transfer policies.

 

We will likely never know which was the case unless they admit the latter, or internal documents come out showing the former.

 

Hopefully it won't affect them too much.

[dalekphalm]

Hopefully it won't affect them too much.

They should be able to survive, but $35 some-odd Million USD missing is going to hurt them a lot.

 

I just hope they don't lose investor or Public Perception confidence. That would destroy them instantly, even if they otherwise had enough cash to survive.

[Sidiox]

I really hope they get that money back. I love their products. I have a EdgeRouter Lite and AP that I'd hate to see lose both warranty and development (Unifi software is quite nice as is EdgeMax)

[Rekx]

I really hope they get that money back. I love their products. I have a EdgeRouter Lite and AP that I'd hate to see lose both warranty and development (Unifi software is quite nice as is EdgeMax)

I highly doubt they'll go down. It seems they are getting the money back slowly. 8 million so far.

[atrash]

Do you think there's any chance it could be an insider job too since the scammer needed the necessary copies of emails and fax to impersonate and also know how the company's internal structure/protocol in doing such large money transfer?

[dalekphalm]

Do you think there's any chance it could be an insider job too since the scammer needed the necessary copies of emails and fax to impersonate and also know how the company's internal structure/protocol in doing such large money transfer?

Sure could be, but there's no evidence of that. Social Engineering is the most likely culprit. Sometimes they can be damn convincing.

[Rekx]

Sure could be, but there's no evidence of that. Social Engineering is the most likely culprit. Sometimes they can be damn convincing.

I think they would say it if that's the issue. Would be a big deal