It seems hard to believe that tech companies like Facebook and Google could fall victim to phishing scams, but between 2013 and 2015 both were tricked into paying tens of millions of dollars to a team of scammers.
Last week a 50-year-old Lithuanian man admitted his role in the fraud, which netted a reported $98 million from Facebook and $23 million from Google. Evaldas Rimasauskas pleaded guilty to one count of wire fraud and has also been charged with counts of aggravated identity theft and money laundering. He could face up to 30 years behind bars when a New York judge passes sentence in July.
According to Bloomberg, prosecutors alleged that Rimasauskas set up the elaborate phishing scheme by posing as Quanta Computer, a Taiwanese electronics manufacturer whose clients included Google and Facebook.
Working with a team of unidentified accomplices, the criminals forged email addresses, invoices, and corporate stamps to trick the two tech giants into transferring huge payments to bank accounts set up by Rimasauskas.
The Lithuanian national told the court that he made fake bank accounts in several countries for receiving the payments, and also signed bogus contracts and documents that helped to process the transfers.
Reports suggest that Rimasauskas, who was extradited to the United States from Europe in 2017, created the infrastructure that made the fraudulent payments possible, but played little to no part in the specific actions that persuaded Facebook and Google to hand over the money.
Google told Bloomberg in a statement that it has since recovered the payments, while Facebook said it had “recovered the bulk of the funds shortly after the incident,” adding that it’s been cooperating with law enforcement about the incident.
Commenting on the case, Geoffrey Berman, U.S. attorney for the Southern District of New York, said in a statement: “As Evaldas Rimasauskas admitted today, he devised a blatant scheme to fleece U.S. companies out of $100 million, and then siphoned those funds to bank accounts around the globe.”
He went on: “Rimasauskas thought he could hide behind a computer screen halfway across the world while he conducted his fraudulent scheme, but as he has learned, the arms of American justice are long, and he now faces significant time in a U.S. prison.”
The swindle (or variations of it) has been seen before and is similar in some ways to one that hit Japan Airlines in 2017 when an employee at the carrier was tricked into making several payments totaling around $3.4 million into bank accounts that had been set up by fraudsters. Such scams often only come to light when the real company that’s expecting the funds contacts its client to inquire about the whereabouts of its payment.