The bad news for Evaldas Rimasauskas of Lithuania is he’s facing up to 30 years in prison for scamming Facebook and Google out of $122 million. The good news is that he only has to pay restitution of about $50 million. It’s not clear what’s happened to the other $73m, according to an article on BoingBoing. So, when he gets out, he’s going to be a very rich man.
In what has to be one of the most successful business email compromises of all time, Rimasauskas conned two of the most tech-savvy companies in Silicon Valley out of millions of dollars. And how did he pull off this elaborate heist? Did he craft an incredibly convincing bogus website or send emails with embedded links hoping employees would click on them? Nope. He just set up a dummy company and started sending invoices.
First, he set up a fake company called Quanta to mimic the real Quanta in Taiwan that manufactures hardware for both Facebook and Google. Then Rimasauskas sent emails to the firms claiming to come from Quanta with forged invoices and fraudulent contracts. According to an article on the security site Tripwire, “all of the messages were designed to create the false impression that they had been sent by employees and agents of Quanta.”
The article goes on to say that “Through this subterfuge, Rimasauskas successfully managed to deceive the technology giants into wiring payments into bank accounts he had set up in the bogus company’s name in Cyprus and Latvia. Upon receipt, the funds would be quickly transferred into other bank accounts at various locations around the world including Hungary and Hong Kong.”
There you have it. Two of the most high-tech and profitable companies in the world getting taken in by spoofed emails. You might think with all the money these two companies make ($46 billion for Facebook and $77 billion for Google), they’d spend a few bucks on phishing awareness training for their employees. Or better yet, invest in anti-phishing tools that prevent display name spoofing and stop phishing emails. Apparently not.
The remarkable thing is the technology to prevent phishing attacks like this not only exists, but it’s very inexpensive. You can protect a small company with up to 100 employees for less than $50/month.
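The display-name check mentioned above compares who a message claims to be from with the domain it was actually sent from. The following is an added example, not code from the original post or from any product it refers to; the vendor registry, the `.example` domains, the similarity threshold and the sample headers are all constructed for illustration.

```python
from difflib import SequenceMatcher
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed registry: vendor keyword -> sender domains accounts payable has verified.
APPROVED_VENDORS = {"quanta": {"quanta.example"}}
LOOKALIKE_THRESHOLD = 0.85  # assumed tuning value for this example


def check_sender(from_header):
    """Return findings for one From header; an empty list means nothing was flagged."""
    raw_name, addr = parseaddr(from_header)
    # Decode RFC 2047 encoded-words so an encoded display name cannot dodge the match.
    name = str(make_header(decode_header(raw_name))).lower()
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for vendor, domains in APPROVED_VENDORS.items():
        if domain in domains:
            continue  # sender is on a verified domain for this vendor
        if vendor in name:
            findings.append(
                f"display-name-mismatch: name claims {vendor}, domain is {domain}")
        for good in domains:
            # Near-identical domains are flagged even when the display name is neutral.
            if SequenceMatcher(None, domain, good).ratio() >= LOOKALIKE_THRESHOLD:
                findings.append(f"lookalike-domain: {domain} resembles {good}")
    return findings


# Constructed sample headers (not taken from the case described in the post).
SAMPLES = [
    '"Quanta Computer" <billing@quanta.example>',
    '"Quanta Computer" <invoices@quanta-tw.example>',
    "=?UTF-8?B?UXVhbnRhIENvbXB1dGVy?= <ap@unrelated.example>",
    '"Alice Smith" <alice@partner.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

The check reads header text only, so it assumes the From domain has already been authenticated upstream (for example by SPF, DKIM and DMARC). A flagged invoice should be confirmed with the vendor through a contact channel already on file before any payment is released.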
If it can happen to the big boys, it can happen to you. Don’t wait for your Evaldas Rimasauskas to compromise your small business. Head on over to email fraud protection and get protected from phishing attacks including business email compromise. Be smarter than Facebook and Google.