Last week, PYMNTS featured the B2B invoice scam, a growing phenomenon in which cyberthieves hack into company email accounts or impersonate officials within a corporation to falsify invoices. The scheme leads companies to unknowingly pay the criminal, while under the impression that they are paying their supplier. But the crime, experts say, can be carried out an a variety of ways.
As crime-fighting officials across the globe become more aware of the tactic, businesses may soon be waking up to the trend as well. Unfortunately, one company has just revealed that it became aware of the crime the hard way.
In its quarterly earnings report, enterprise networking technology company Ubiquiti Networks revealed that it fell victim to the scam, also called the "Business Email Compromise" attack, last June. Through its filing with the Securities and Exchange Commission, Ubiquiti said that cybercriminals stole $39.1 million from the company when one of its staff in a Hong Kong-based subsidiary was tricked into thinking an official-looking email was actually coming from the firm’s finance department.
“The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department,” the SEC filing said. “This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.”
Ubiquiti said that it has since recovered $8.1 million of those losses and added that it is working with law enforcement agencies. An additional $6.8 million is expected to be recovered in the near future.
An internal probe of the matter found no evidence to suggest that the company’s systems or any company data were compromised, reports said. But since the attack, Ubiquiti said it “implemented enhanced internal controls over financial reporting since June 5, 2015, and is in the process of implementing additional procedures and controls pursuant to recommendations from the investigation.”