Go Big or Stay Home

It is my belief that if you are planning a crime, you might as well go for the glory.  The jail time is the same whether you steal $50,000 or $50 million.

I’m not sure if this is the biggest phishing scam ever, but it is the biggest I’ve heard of. A Lithuanian man named Evaldas Rimasauskas devised a scheme that extracted over $100 million from Google and Facebook. He achieved this feat by setting up a shell corporation to impersonate a large Asian manufacturer that both of these tech giants did business with. He created forged invoices, email addresses, and corporate stamps to further his scheme.

Rimasauskas allegedly registered and incorporated a company in Latvia that had the same name as the Taiwanese electronics manufacturer Quanta Computer. Then, using email addresses designed to appear as if they came from the Asian company, he sent employees of Google and Facebook bills for goods and services for over two years. The money was deposited in several Eastern European banks.

Lithuanian law enforcement, acting on a warrant, arrested Rimasauskas in March, U.S. federal prosecutors said in a press release. He is facing extradition to the United States. Google said it had “recouped the funds” and Facebook said it had “recovered the bulk of the funds shortly after the incident.”

The takeaway here is that even mega-corporations like Facebook and Google can be tricked by a clever phishing campaign. The cyber-criminals have upped their game, and are researching their intended victims thoroughly to develop scams that are very realistic and tough to detect. Of course, Google and Facebook have the resources to recover from a loss like this. If you own or manage a small business, someone has researched your company and may be perpetrating a fraud like this against your company. Talk with your accounts payable personnel about this sort of scam, and make sure there are strong controls and checks on what is approved for payment.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
