In March, a report revealed that a Lithuanian man was facing charges over an email phishing attack against “two US-based internet companies” that were unnamed at the time.
These companies had reportedly been duped into wiring over $100 million to the accused scammer’s bank accounts.
On April 27th, Fortune finally revealed to the public that the two victims of this scam were Facebook and Google.
The man accused of being the mastermind behind the con, 48-year-old Evaldas Rimasauskas, allegedly posed as a manufacturer based in Asia and had been fooling the companies from at least 2013 until 2015.
“Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company,” the US Department of Justice said in a statement released in March.
These emails were framed as if they came from employees of the Asia-based firm, according to the Department of Justice. They were also allegedly sent from email accounts designed to look as though they belonged to that company, which they did not.
The Department of Justice went on to accuse Rimasauskas of forging invoices, letters, and contracts which all “falsely appeared to have been executed and signed by executives and agents of the victim companies.”
“We detected this fraud against our vendor management team and promptly alerted the authorities,” a spokeswoman for Google recently explained in a statement regarding the case.
She added: “We recouped the funds and we’re pleased this matter is resolved.”
Despite that statement, Google has not revealed, nor shown any intention of revealing, how much money it transferred and then recovered in this scam.
Facebook has taken a similar stance, withholding the exact amount of money involved. However, a spokeswoman for the company recently stated that “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”
“Sometimes staff [at large firms] think that they are defended, that security isn’t part of their job,” said James Maude of the cyber-security firm Avecto, commenting on the phishing threat that big companies now face more than ever.
Maude added: “But people are part of the best security you can have – that’s why you have to train them.”
He also told the BBC that Avecto’s clients have described phishing attempts that went as far as using senior staff members’ hacked email accounts to persuade employees that a particular request to wire out money was authentic.
According to a recent Europol study, phishing scams have been growing considerably more sophisticated.
The same Europol report identified “CEO fraud” as a common concern. In this type of fraud, the scammer typically impersonates one or more executives of the targeted company to make the request seem more convincing and to fool the victims more easily.
“The request is usually time-sensitive and often coincides with the close of business hours to make verification of the request difficult,” the report explained.
“Such attacks often take advantage of publicly reported events such as mergers, where there may be some degree of internal flux and uncertainty.”
According to professionals in the cyber-security field, the best way for firms to considerably reduce their chances of falling victim to such a scam is to carefully verify new payment requests before authorizing them.