It is my belief that if you are planning a crime, you might as well go for the glory. The jail time is the same whether you steal $50,000 or $50 million.
I’m not sure if this is the biggest phishing scam ever, but it is the biggest I’ve heard of. A Lithuanian man named Evaldas Rimasauskas devised a scheme that extracted over $100 million from Google and Facebook. He achieved this feat by setting up a shell corporation to impersonate a large Asian manufacturer that both of these tech giants did business with. He created forged invoices, email addresses, and corporate stamps to further his scheme.
Rimasauskas allegedly registered and incorporated a company in Latvia that had the same name as the Taiwanese electronics manufacturer Quanta Computer. Then, using email addresses designed to appear as if they came from the Asian company, he sent employees of Google and Facebook bills for goods and services for over two years. The money was deposited in several Eastern European banks.
Lithuanian law enforcement, acting on a warrant, arrested Rimasauskas in March, U.S. federal prosecutors said in a press release. He is facing extradition to the United States. Google said it had “recouped the funds” and Facebook said it had “recovered the bulk of the funds shortly after the incident.”
The takeaway here is that even mega-corporations like Facebook and Google can be tricked by a clever phishing campaign. The cyber-criminals have upped their game, and are researching their intended victims thoroughly to develop scams that are very realistic and tough to detect. Of course, Google and Facebook have the resources to recover from a loss like this. If you own or manage a small business, someone has researched your company and may be perpetrating a fraud like this against your company. Talk with your accounts payable personnel about this sort of scam, and make sure there are strong controls and checks on what is approved for payment.