Google and Facebook were allegedly the victims (at least temporarily) of a $100-Million scam!
Last month, the US Justice Department charged a Lithuanian man with stealing via email phishing and related techniques a combined whopping $100 Million from two then-unnamed large technology companies. Yesterday, Fortune revealed that the two firms were (as some in the field had suspected) Facebook and Google.
The scam was quite sophisticated - yet simple. Starting in 2013, Evaldas Rimasauskas allegedly forged emails, invoices, and various other communications in order to impersonate a large Asia-based manufacturer with whom Facebook and Google regularly did business, and successfully tricked the legitimate companies into paying him for computer supplies. According to the Justice Department, Rimasauskas "was initially successful, acquiring over $100 million in proceeds that he wired to various bank accounts worldwide." Eventually, however, the firms caught on, and Rimasauskas's scam was terminated.
Was the $100 Million recovered?
While neither Facebook nor Google has revealed the extent of its losses or exactly how much of the stolen funds it has recovered, a spokesperson for Google stated that "We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we're pleased this matter is resolved." Likewise, a spokeswoman for Facebook claimed that the firm "recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation."
Who is the alleged criminal, and with exactly what is he charged?
Rimasauskas is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in federal prison, and one count of aggravated identity theft, which carries a (mandatory) minimum sentence of two years in federal prison. Contrary to many folks' impressions of hackers, Rimasauskas, who lives in Vilnius, is 48 years old. He denies the allegations, and is fighting extradition proceedings in Lithuania.
What lessons should you learn from this episode?
Many big and small businesses with smart employees have fallen prey to phishing scams - do not think that you or your business is immune. Learn how to stay secure - for some tips, see my article: This Email Scam Just Caused $100 Million in Fraud - and, yes, that article is about an additional $100 Million lost to a phishing-type scam. Also, be wary of email scams related to taxes - there has been a big uptick in such scams recently.