so the chief accounting officer shipped 46million USD out on the basis of an email?
Ubiquiti stung US$46.7 million in e-mail spoofing fraud
Ubiquiti Networks has been defrauded of more than US$46 million by scammers who spoofed its communications. The heist was revealed in an SEC Form 8-K filing. Apart from the financial information, details are scant. The San Jose company says: “The incident involved employee impersonation and fraudulent requests from an outside …
COMMENTS
-
-
-
Monday 10th August 2015 09:44 GMT VinceH
"so the chief accounting officer shipped 46million USD out on the basis of an email?"
It's better than that - judging by the use of plurals, it was a number of smaller amounts adding up to 46 million USD.
In other words, the thieves got away with it once, for however much, then thought "Bingo! Let's go for another chunk..." - repeat until $total = 46 million, at which point someone finally thought "Hang on a mo..."
-
-
Monday 10th August 2015 00:35 GMT Anonymous Coward
Same here ( but to a lesser degree )
Yup
We got stung by exactly the same thing, only AUD$57K though :{
Traced them down, Lagos, Nigeria, no surprise there, chances of getting money back? snowflake in hell, bank care factor? 0%. Accountant? Chastened but still employed
419 Baiting? done some, got some more money mule accounts that have been reported.. Police interest? even less than the banks, and, apparently the banks are considered the victim and they have to report it ( even though they are saying "tough titties", you still owe the money (overdraft ) ), Police wont accept reports, not their job apparently...
Frustration level?? high!
Anonymous for obvious reasons ;{
Whaddya mean I cant select an Icon as an AC? I still had to login!!
-
Monday 10th August 2015 09:28 GMT Eclectic Man
Digital Signatures?
I wonder whether the exec in question actually had any form of security on his emails, like digital signatures or encryption. I mean it is not like it is dificult to get these days, or was that spoofed too?
$46million is quite a lot, you'd have thought some sort of internal security on any e-mail instructing minions to move millions would have been mandatory.
-
-
Wednesday 12th August 2015 14:42 GMT Speltier
Must be more to it
You just don't send an email saying: wire 5 mil to Shenzen Acme 419 Inc.
There must have been some kind of PO or other dunning for money, which was "authenticated" by the spoofed email saying "yes wire Shenzen Acme 419 Inc the 5 mil."
If the former was the case instead of the latter, I'm not going to buy Ubiquiti products, because a simple spoofed email could order staff to (essentially) embed a stealth rootkit in all their products!