On June 5th, 2015, California-based technology company Ubiquiti Networks fell victim to a $46M Corporate Account Takeover (CATO) scheme that used a simple, yet complicated attack delivered through a familiar technology: email. The cybercriminals used an increasingly common approach called “CEO Fraud” or “man-in-the-email,” in which the business's email is compromised and then used as a weapon to create and initiate unauthorized transactions with the financial institution. In this particular case, attackers authorized international wires to Hong Kong and other international accounts that totaled $46 million. Ubiquiti was able to recover $8.1M by working with foreign authorities, but the loss of nearly $38M is a painful pill to swallow for any organization.
TARGET: THE CUSTOMER
Man-in-the-email scams highlight the importance of monitoring cybersecurity trends and continually updating your Commercial Account Risk Assessment process, as outlined by the FFIEC Internet Banking Authentication Guidance. In addition to strengthening the controls used for online systems, such as dual customer authorizations and out-of-band authentication, financial institutions need to ensure they are educating their customers. These scams target the customer: once the customer is compromised, cybercriminals can impersonate them and keep attempting to circumvent the financial institution's controls.
Secure Banking Solutions offers various Commercial Account educational packages.
You can also enroll customers in an online training solution today and start improving their awareness of these growing threats.