American technology firm Ubiquiti Networks has revealed that it fell victim to a social engineering trick that saw crooks make off with $46.7 million.
In a Securities and Exchange Commission filing first picked up by security blogger Brian Krebs, the firm says that an "outside entity" impersonating an employee targeted its finance department.
The crooks managed to get $46.7 million held by a company subsidiary incorporated in Hong Kong sent to various overseas accounts.
Although Ubiquiti has not explained exactly how it was conned, 'CEO Fraud' usually sees thieves ask for wire transfers through a company executive's email account that has been accessed via phishing.
Ubiquiti says that it discovered the scam in June and has taken legal action that has seen it recover $8.1 million, while an additional $6.8 million is currently subject to legal injunction and "reasonably expected to be recovered" in due course.
An independent investigation "uncovered no evidence that our systems were penetrated or that any corporate information, including our financial and account information, was accessed".