How one man's phishing scam cost two major US tech companies $100M

By pretending to be a major supplier, a Lithuanian man recently took two multinational companies for a lot of money. Here's what your business needs to know.

Evaldas Rimasauskas, a 48-year-old Lithuanian man, was recently arrested after allegedly stealing more than $100 million from two major US tech companies through the use of sophisticated phishing techniques. The US Attorney's Office for the Southern District of New York announced the arrest in a press release on Tuesday.

According to the release, Rimasauskas was able to deceive two multinational companies and their employees into believing that he represented an existing computer hardware manufacturer based in Asia. After conducting multiple transactions, amounting in total to more than $100 million, he was eventually discovered by one of the banks.

"This case should serve as a wake-up call to all companies - even the most sophisticated - that they too can be victims of phishing attacks by cyber criminals," acting US attorney Joon H. Kim said in the release.

It is estimated that Rimasauskas performed the scam from 2013 to 2015, specifically targeting one "technology company" and another "online social media company," the release said. Rimasauskas incorporated a company in Latvia under the same name as the Asian hardware company, and opened multiple bank accounts in the name of the company as well.

Phishing emails composed by Rimasauskas claimed to be from employees of the hardware manufacturer he was impersonating, the release said. The emails claimed that the victim companies owed money for products and services, and asked for money to be wired to one of the bank accounts he had set up. Additional invoices, contracts, and letters were forged by Rimasauskas to make it look like leaders and executives at the victim companies had signed off on the deals.

The release also noted that Rimasauskas is being "charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison."

According to the most recent Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG), 1,220,523 attacks happened in 2016, marking a 65% increase from 2015. Over the past 12 years, the group found that attacks have increased 5,753%.

While some attacks are very sophisticated, others are easier to spot. Worried business leaders should take a look at these 10 tips for spotting a phishing email, and take steps to avoid these types of attacks.

The 3 big takeaways for TechRepublic readers

  1. A Lithuanian man used phishing techniques to scam two major US tech companies out of $100 million.
  2. The emails sent by the attacker claimed to be from a vendor seeking payment, and had supporting documents that appeared to be signed by leaders in the victim companies.
  3. Businesses must take steps to educate employees on phishing practices so they can better detect and avoid these attacks.

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.