It’s tempting to assume that technology workers are intelligent enough to avoid email fraud, but that’s not always the case. Both the FBI and the state of New York have charged a Lithuanian man, Evaldas Rimasauskas, with perpetrating a phishing campaign that siphoned $100 million away from two US tech companies companies. They’re both choosing to remain unnamed, although one is a “multinational online social media company” — you can probably whip up a short list of candidates based on that description. The scheme wasn’t particularly complicated, either, and mostly relied on less-than-attentive employees.
Between 2013 and 2015 (possibly earlier), Rimasauskas allegedly ran a fake company in Latvia that had the same name as an “Asian-based computer hardware manufacturer.” He used this bogus firm to fool victims into responding to phishing emails, getting them to wire millions of dollars to his bank accounts in Latvia and Cyprus. The fraudster quickly spread the money to accounts elsewhere in the world (including Lithuania, Hong Kong, Hungary and Slovakia), and even sent forged documents to the banks to convince them that the large sums of money were legitimate.
If the charges (which include wire fraud, identity theft and money laundering) hold up, Rimasaukas faces stiff punishment. He’s looking at a minimum of 2 years in prison if he’s found guilty of identity theft, and each of the remaining charges could get him up to 20 years behind bars. However, it’s also safe to say that his targets are learning a hard lesson, too. Even the most tech-savvy companies can fall prey to online fraud, and they may need to step up their security measures (including staff education) to prevent similar incidents.
Source: Department of Justice