Ubiquiti Networks Says It Was Victim of $47 Million Cyber Scam

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
By James Eng

Ubiquiti Networks, a Silicon Valley computer networking company, says it was scammed of nearly $47 million by cyber thieves. In an SEC filing this week, Ubiquiti said it expects to recoup about $15 million of that amount and is working with law enforcement to recover the remainder.

The company said it determined on June 5 that it was the victim of “criminal fraud” involving “employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department.” The scam led to the transfer of $46.7 million held by a Ubiquiti subsidiary incorporated in Hong Kong to other overseas accounts held by third parties, the company said.

Ubiquiti, whose founder and CEO is Robert Pera, owner of the Memphis Grizzlies basketball team, didn’t disclose details of the scam. Cybersecurity blogger Brian Krebs said the swindle that hit the company is commonly known as “CEO Fraud,” or the “Business Email Compromise,” in which cybercriminals use "phishing" and other email spoofs to target businesses that regularly perform foreign wire transfers.

Related: Hackers of Apple, Facebook Seen As Independent Group Seeking Money

In January, the FBI issued a public advisory about the "business email compromise" (BEC) scam, saying it cost roughly 1,200 U.S. victims nearly $215 million in losses from October 2013 to December 2014. The FBI said banks in China and Hong Kong were the most common end destinations for the fraudulent transfers.

Ubiquiti said as soon as it became aware of the scam, it started legal proceedings overseas and was able to quickly recover $8.1 million. It expects to get back an additional $6.8 million that is the subject of an injunction, and says it is continuing to pursue the recovery of the remaining $31.8 million.

"The investigation uncovered no evidence that our systems were penetrated or that any corporate information, including our financial and account information, was accessed. The investigation found no evidence of employee criminal involvement in the fraud," the company said.

U.S. and overseas law enforcement authorities are working to identify and track down the perpetrators.