CEO Fraud, and How It Is Making Cyber Thieves Millions
Written by: Jessica Ciannamea | Fri, 18 Dec 2015 22:05:47 +0000
A normal workday morning routine may include sipping your coffee while checking your email. You find yourself rifling through dozens of spam and junk messages and hope you don't accidentally delete a legitimate message.
The concept of spam is not new, and it's usually easy to spot a bogus message. But for Ubiquiti, a California-based technology firm, a series of spam emails was so strategically crafted that the company wasn't even aware it was instantly out millions of dollars.
Through what is being called an email "cyberheist," Ubiquiti's finance department fell for hackers impersonating an employee. The hackers most likely requested a wire transfer to an outside entity, and they managed to make off with $46.7 million.
Ubiquiti issued a press release in June, indicating the company was able to recover only about one-third of the money.
According to the press release, "As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary's bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered $8.1 million of the amounts transferred. Furthermore, an additional $6.8 million of the amounts transferred are currently subject to legal injunction and reasonably expected to be recovered by the Company in due course."
In an August report by Brian Krebs of the Krebs On Security news blog, the FBI warned that cyber thieves stole nearly $215 million from U.S. businesses in the previous 14 months through similar scams, which start when thieves spoof or hijack the email accounts of business executives or employees.
Forty-five percent of all emails received around the world are spam, averaging about 14.5 billion spam messages sent per day, according to SpamLaws.com. Of those spam emails, about 26.5 percent are related to financial matters.
Rick Kam, president and co-founder of ID Experts Corporation, said he is seeing attempts at this type of "CEO fraud" more often. Kam said that at his company, his chief financial operator receives emails from thieves on a regular basis.
"Businesses that do work globally are getting caught up in scams like this," Kam says. "They're seeing an email from someone of authority requesting they wire money out, and it's mostly lost at that point."
Kam, whose company does not do business overseas, has a leg up on scammers attempting this type of fraud. As a security expert in identity protection, data breaches, and privacy, Kam knows the sophistication of the tools these hackers use can fool even the most digitally literate.
"Hackers can set up an email address, website, and phone number that look so similar to someone important, and it's unfortunately really easy to do," he says.
For employees working in a company's financial department, or for medium and small business owners who manage their company's finances, Kam says the only thing to do is to proceed with extra caution.
"Always question someone who is requesting a money transfer via email—always." That means immediately calling parties who can verify whether the request is legitimate. "It's unfortunate, but these are the times we are living in, and these types of scams are up there in terms of the amount of damage they can do."