Two multinational technology companies have fallen victim to a massive spear-phishing fraud. A cyber criminal has been charged with breaking and entering into these two companies. The outcome of this criminal activity included a large number of bank accounts hacked and controlled by a scammer.
The Hacker Identified
The two companies that were attacked (Facebook and Google) are listed as:
1. A multinational technology company that specializes in internet-related services and products, and
2. A multinational company specializing in providing online social media and networking services.
The good thing to note is that the scammer has been identified. He goes by the name of Evaldas Rimasauskas. Evaldas tricked the two companies, their agents and employees into wiring him $100 million by creating fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents.
How was it done?
"According to the criminal complaint, Rimasauskas posed as a computer hardware manufacturer by creating his own company, registered in Latvia, with the same name as a legitimate one in Asia.
For roughly two years, Rimasauskas “and others known and unknown” pretended to be employees or agents of the Asian company, according to the charges. They then sent phishing emails to representatives of the major tech firms, which regularly “conducted multimillion dollar transactions” with the manufacturer. The American firms followed the email instructions and wired tens of millions of dollars to bank accounts in Lithuania, Latvia, Cyprus, Slovakia, Hungary and Hong Kong."
Was there Justice?
"The FBI announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by Evaldas Rimasauskas. Rimasauskas was arrested during the week of March 13, 2017 by authorities in Lithuania on the basis of a provisional arrest warrant. The case has been assigned to U.S. District Judge George B. Daniels. Evaldas Rimasauskas, 48, of Vilnius, Lithuania, is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison."
Sources:
- https://blog.knowbe4.com/who-were-the-two-big-us-tech-companies-that-lost-100-million-in-ceo-fraud
- http://www.theverge.com/2017/3/21/15014614/doj-lithuanian-scammer-email-phishing-scam-tech-companies
- https://www.theguardian.com/technology/2017/mar/22/phishing-scam-us-tech-companies-tricked-100-million-lithuanian-man
- https://www.justice.gov/usao-sdny/pr/lithuanian-man-arrested-theft-over-100-million-fraudulent-email-compromise-scheme