Free Write 13

In 2015, Ubiquiti Networks Inc., a network technology firm, lost over $46 million when some entity impersonated one or more employees and made fraudulent requests to the finance department. As a result, a subsidiary in China transferred the aforementioned funds to various overseas accounts owned by third parties.

Though specifics were not detailed, what is known is that at least 1 employee was impersonated, most likely someone of higher authority than the average employee. The impersonator contacted the finance department and requested money transfers to accounts that were most likely set up for this purpose. The department, believing the requests came from the person they appeared to come from, did as asked.

The firm lost $46.7 million at the beginning of this nightmare, but was able to recover about $8 million fairly quickly, and was working on recovering almost another whole $7 million. But still, that’s a whole bunch that just will never be recovered. As it was a publicly traded company, its public image was tarnished, and obviously, it made the company seem like a potentially bad investment. I’m sure they definitely had to do a major overhaul of security, and hopefully some cybersecurity training for their employees.

The people who benefitted from this were the ones who ended up with the money. Though some of it was able to be recovered, over 2/3rds of it is still missing. So, someone made off like a literal bandit. $30 million is nothing to sniff at. In a way, I suppose it also works as a cautionary tale for others. Be careful, or this could happen to you.

One way to help combat user impersonation is to have, at a minimum, two-factor confirmations in place. Make sure people are aware that they are the weakest link. Train users to know what to look for in spoofed links and phishing emails. Raise awareness. It could save millions of dollars!
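
Some of what users are trained to look for can also be checked automatically before a payment request reaches the finance team. The sketch below is an added example, not part of the original write-up or of any tooling Ubiquiti used: it flags impersonation signals in a message's headers and holds payment requests for confirmation over a second channel. The domain `example.com`, the executive name, the keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"     # assumption: the company's own mail domain
EXECUTIVES = {"pat lee"}       # hypothetical executive display names
PAYMENT_WORDS = ("wire", "transfer", "payment", "invoice", "bank account")

def domain_of(header_value):
    # Lower-cased domain of the address in a header value ('' if absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_signals(raw):
    """Return impersonation signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    # Assumes Authentication-Results was stamped by our own gateway, not the sender.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + " " + body).lower()
    checks = {
        "executive-name-external-address": name in EXECUTIVES and from_dom != ORG_DOMAIN,
        "reply-to-differs-from-sender": bool(reply_dom) and reply_dom != from_dom,
        "own-domain-without-dmarc-pass": from_dom == ORG_DOMAIN and "dmarc=pass" not in auth,
        "payment-request": any(word in text for word in PAYMENT_WORDS),
    }
    return [label for label, hit in checks.items() if hit]

def hold_for_callback(raw):
    """Payment request plus any impersonation signal: confirm by a second channel."""
    found = bec_signals(raw)
    return "payment-request" in found and len(found) > 1

# Constructed sample messages (not taken from the incident).
SPOOFED = """\
From: "Pat Lee" <pat.lee@examp1e-mail.test>
Reply-To: pat.lee@payments-desk.test
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass; dmarc=none

Please send the funds today and keep this confidential.
"""
LEGIT = """\
From: "Pat Lee" <pat.lee@example.com>
Subject: Lunch on Friday
Authentication-Results: mx.example.com; dkim=pass; dmarc=pass

See you at noon.
"""
```

Header checks like these only narrow the field: a request sent from a genuinely compromised mailbox passes all of them, which is why the second-channel confirmation still matters for every large transfer.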

Sources

https://www.vadesecure.com/en/business-email-compromise-bec/

https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/