A tech firm has made an unusual admission to its investors: posing as its employee, a hacker stole $46.7 million from the firm’s accounts online.
According to an official statement from famous networking firm Ubiquiti/UBNT, its finance department was targeted by an “outside entity” that sent a message made to look like an official company email.
The firm’s employees were duped by the fake emails and turned over their usernames, passwords and account numbers. In this way, the hacker or hackers were able to move funds from a Ubiquiti subsidiary in Hong Kong to overseas accounts they held.
The firm stated that it had become the victim of wire fraud on June 5, 2015, and immediately contacted the subsidiary’s bank. Around $8.1 million of the stolen money was recovered and as per sources from Ubiquiti, $6.8 million more will also be recovered soon.
The company is working with overseas law enforcement agencies as well as US law enforcement to retrieve the remaining $31.8 million. The firm, however, has not yet been able to identify the perpetrator.
Ubiquiti ran an internal audit and reported that it found no evidence that any intellectual property, financial data or personal information of employees was stolen by the hackers. The audit also determined that the firm’s hacking prevention methods had proved ineffective, and since June 5 Ubiquiti has “implemented enhanced internal controls over financial reporting.”
The investigation revealed that it was an outsider’s job and that the hackers weren’t from within the firm.
The Frighteningly Easy Theft Mechanism:
Nowadays it has become really easy to pull off such a scam because the majority of email systems let people spoof email addresses, simply posing as someone they are not. For instance, a LinkedIn search can easily reveal the trusted finance department members of a firm.
According to security blogger Brian Krebs (who was the first to report the hack), hackers easily spread a dummy email address, for instance, [email protected] or [email protected], to fool the finance department. Once they emailed the employees, whoever hit the “reply” button actually fell prey to the hacker’s trap and responded to the dummy email address.
The FBI reports that email scams of this kind hit businesses badly last year, with $215 million lost collectively.
That’s the reason we have always advised our readers to be extra careful while replying to unknown emails or downloading attached files from those emails. One wrong click on a phishing email can steal all your life savings within seconds.
These cybercriminals also use malware as a tool to steal money from innocent users. In the past, hackers got hold of $100 million from US and global banks using malware.