Multimillion-dollar phishing victims revealed

Posted on April 28, 2017

 

The mystery surrounding the two unnamed tech giants that were duped out of more than $100m (£77.5m) in a phishing scam has been solved.

In March, the US Justice Department announced that it had arrested a man who had impersonated an Asian supplier in order to perpetrate the massive swindle, but was tight-lipped over the identities of those involved. However, the case has been cracked by Fortune.com, which announced that Facebook and Google had fallen for one of the oldest tricks in the book.

History of a heist

The conman was named as Evaldas Rimasauskas, who hatched the plot back in 2013. According to the Justice Department investigation, he created forgeries of invoices, email addresses and other corporate materials intended to fool companies into thinking he was Asian manufacturer Quanta Computer, which had supplied parts for Amazon’s Kindle and Apple watches. Facebook and Google worked with the company regularly.

It was wildly successful. Over several years, it’s alleged that millions of dollars were transferred to him and promptly squirreled away in Eastern European bank accounts. However, the long arm of the law caught up with Rimasauskas, and he is currently the target of extradition proceedings in Lithuania.

Phishing scams involving criminals posing as suppliers are not new to the US Justice Department, but a source cited by Fortune said that this case was special due to the sheer scale of it.

Was the money recovered?

Fortune reached out to Facebook and Google to confirm that they had fallen for the con, and both companies replied to the effect that they had recovered most of their cash. A spokesperson at Facebook said:

“Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”

Meanwhile, Google said:

“We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we’re pleased this matter is resolved.”

Did Facebook and Google break business rules?

When a publicly traded company experiences a major event such as this, it is required to disclose the event to its investors in line with the rules of the US Securities and Exchange Commission. However, public records show that neither company reported the fraud at all. This may be due to their sheer size; although being fleeced of $100m would sink most companies, in all likelihood it hardly makes a dent in Facebook and Google’s respective coffers.

It’s not the money, it’s the principle

At Engage Web, we think that the sum is not really the issue here. Phishing scams are still rife on the internet, and have become much more sophisticated in recent years. The last thing that any company would want to publicize is how fraudsters can get their hands on its money, and there’s potential for a lot of reputational damage.

The PR departments for both companies already have enough work to do, and falling prey to a fake company while championing the fight against fake news is a wee bit embarrassing.
