Facebook and Google Hit in $100M Scam
If you thought email phishing scams only targeted consumers and athletes looking for things in all the wrong places, think again.
Online scammers look for money wherever they can find unsuspecting victims. That includes mega companies, like Facebook and Google.
According to a criminal indictment, a Lithuanian named Evaldas Rimasaukas swindled more than $100 million by using forged email addresses, invoices, and corporate stamps to impersonate a manufacturer and bill purchasers in the United States. Fortune, in an exclusive, learned that those buyers were Facebook and Google.
Accounting Departments
"Over a two-year span, the corporate imposter convinced accounting departments at the two tech companies to make transfers worth tens of millions of dollars," according to the report. "By the time the firms figured out what was going on, Rimasauskas had coaxed out over $100 million in payments, which he promptly stashed in bank accounts across Eastern Europe."
U.S. Attorney Joon H. Kim said the government recovered much of the stolen funds, which had been wired to accounts in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong. The defendant was arrested in Lithuanian, where he awaits extradition.
"This case should serve as a wake-up call to all companies - even the most sophisticated - that they too can be victims of phishing attacks by cyber criminals," Kim said. "And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable."
Business Phishing
According to reports, Facebook and Google approached the U.S. Attorney's Office about the scam and asked for help to recover money paid for fake invoices. An anonymous source told Fortune that the office "regularly hears from companies that are victims of similar phishing swindles."
"There's a plague of these kind of companies [that operate business phishing scams]," the source said.
SiliconBeat contacted Google and Facebook and asked why investors were not notified of the theft. The companies responded that they had reported the crime to authorities, and recovered their funds.
Criminal investigators generally do not discuss pending cases, and typically ask victims to keep communications confidential so they won't compromise the investigations.
Related Resources:
- Cybersecurity Tips for When You're out of the Office (FindLaw's Technologist)
- Megaupload Data Trapped on Servers for Five Years (FindLaw's Technologist)
- FTC Settles 'Supercookies' Case (FindLaw's Technologist)