A tech firm has made an unusual admission to its investors: posing as one of its employees, a hacker stole $46.7 million from the firm’s accounts online.
According to an official statement from the well-known networking firm Ubiquiti (UBNT), its finance department was targeted by an “outside entity” that sent a message made to look like an official company email.
The firm’s employees were duped by the fake emails and turned over their usernames, passwords and account numbers. This allowed the hacker or hackers to move funds from a Ubiquiti subsidiary in Hong Kong to overseas accounts that they held.
The firm stated that it had become the victim of wire fraud on June 5, 2015 and immediately contacted the subsidiary’s bank. Around $8.1 million of the stolen money was recovered and, according to sources at Ubiquiti, $6.8 million more will also be recovered soon.
The company is working with overseas law enforcement agencies as well as US law enforcement to retrieve the remaining $31.8 million. The firm, however, has not yet been able to identify the perpetrator.
Ubiquiti ran an internal audit and reported that it found no evidence that any intellectual property, financial data or personal information of employees was stolen by the hackers. The audit also determined that the firm’s hacking prevention methods proved to be ineffective, and since June 5 Ubiquiti has “implemented enhanced internal controls over financial reporting.”
The investigation indicates that it was an outside job and that the hackers were not from within the firm.
The Frighteningly Easy Theft Mechanism:
Nowadays it has become really easy to pull off such a scam because the majority of email systems let people spoof email addresses, simply posing as someone they are not. For instance, a LinkedIn search can easily reveal the trusted finance department members of a firm.
According to security blogger Brian Krebs (who was the first to report the hack), hackers can easily set up a dummy email address, for instance, firstname.lastname@example.org or email@example.com, to fool the finance department. Once they emailed the employees, whoever hit the “reply” button fell into the hackers’ trap and responded to the dummy email address.
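As an added illustration (not from the original article, Krebs or Ubiquiti), the Python sketch below works out where a reply to a message would actually be delivered and flags mail that claims an internal sender but routes replies elsewhere; it also goes a step beyond the text by flagging near-copies of the company domain. The domain corp.example, the function names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "corp.example"  # assumption: the organisation's own mail domain

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-copies of the trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reply_risk(raw_message, trusted=TRUSTED_DOMAIN):
    """Return the reasons a reply to this message may reach an outsider."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    # Mail clients send replies to Reply-To when present, otherwise to From.
    reply_dom = domain_of(msg["Reply-To"]) or from_dom
    findings = []
    if from_dom == trusted and reply_dom != trusted:
        findings.append("reply-to-diverges")
    for dom in {from_dom, reply_dom}:
        if dom and dom != trusted and edit_distance(dom, trusted) <= 2:
            findings.append("lookalike-domain:" + dom)
    return sorted(findings)

# Constructed sample messages (not real mail).
LEGIT = "From: Jane Doe <jane.doe@corp.example>\nSubject: Q2 report\n\nAttached.\n"
DIVERTED = ("From: Jane Doe <jane.doe@corp.example>\n"
            "Reply-To: jane.doe@mailbox.invalid\n"
            "Subject: Urgent wire\n\nPlease process today.\n")
LOOKALIKE = "From: Jane Doe <jane.doe@c0rp.example>\nSubject: Urgent wire\n\nToday.\n"

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("diverted", DIVERTED), ("lookalike", LOOKALIKE)]:
        print(name, reply_risk(raw))
```

A check like this only compares header values; it does not verify that the From address itself is genuine, which is the job of sender authentication at the mail gateway.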
The FBI reports that email scams of this kind hit businesses hard last year, with $215 million lost collectively.
That’s the reason we have always advised our readers to be extra careful when replying to emails from unknown senders or downloading files attached to those emails. One wrong click on a phishing email can cost you your life savings within seconds.