A Ubiquiti employee received fraudulent email requests from a cybercriminal purporting to be the company's CEO and outside, external attorney. The employee, an upper level accounting and finance officer, followed the instructions in the emails and unknowingly transferred $46.7 million over several weeks to overseas accounts held by third parties. The money was transferred from a bank account held by a Ubiquiti subsidiary in Hong Kong.

BEC scams are growing increasingly more sophisticated as hackers come up with new ways to avoid detection. In a traditional phishing scam, the fraudster would impersonate the company and interact with the bank directly, whereas in this case, the Ubiquiti employee was tricked into transferring the money himself, which avoided setting off red flags at the bank.

Additionally, the email was able to dodge spam traps because it targeted a specific upper-level Ubiquiti employee (as opposed to a mass phishing email) and was sent...

You do not currently have access to this content.