Cyber Scam Gets Executive to Wire Funds to the Hackers

Ubiquiti Networks, Inc. was recently the victim of a cyber scam in which the thieves sent spoof communications to executives to trick them into wiring funds to the fraudsters to the tune of $46.7 million. Go to Krebs on Security, http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/, for a good historical perspective on this scam, but the way it works is this: Hackers gain access to an executive’s inbox, often through a phishing e-mail. Then they will send a “spoof” e-mail that looks like it is coming from the executive, to another person within the company instructing them to wire funds to a third party.

Hackers will frequently watch the victim’s e-mail account to learn habits and patterns before sending the spoof e-mail. The businesses most at risk are those that regularly engage in wire transfers. How does a business protect itself against this scam? Institute processes and controls for communication and back-up verification whenever one person in the company is requested to wire funds to an unknown or unfamiliar account.

By: Richard Sheinis, Esq.

Leave a comment