A Lithuanian man awaits sentencing in a Manhattan federal court after pleading guilty to a complex email scheme that resulted in the theft of over $100 million from Google and Facebook.
According to the allegations contained in the federal indictment, from 2013 through 2015, Evaldas Rimasauskas orchestrated a fraudulent scheme designed to deceive Google and Facebook into wiring funds to bank accounts he controlled. Specifically, Rimasauskas registered and incorporated a company in Latvia that bore the same name as a legitimate Asian-based computer hardware manufacturer, Quanta Computer. He then opened, maintained, and controlled various accounts at banks located in Latvia and Cyprus in the name of the fake computer company.
Rimasauskas sent fraudulent phishing emails to employees and agents of Google and Facebook, which regularly conducted multimillion-dollar transactions with Quanta Computer, directing the money that Google and Facebook owed for legitimate goods and services be sent to the fake company’s bank accounts in Latvia and Cyprus, which were controlled by Rimasauskas.
These emails purported to be from employees and agents of Google and Facebook, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of those companies, but in fact, were neither sent nor authorized by them. This scheme succeeded in deceiving Google and Facebook into complying with the fraudulent wiring instructions.
After Google and Facebook wired funds intended for Quanta Computer to the fake bank accounts in Latvia and Cyprus, Rimasauskas quickly wired the stolen funds into different bank accounts in various international locations, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.
Rimasauskase also forged invoices, contracts and letters that appeared to have been executed and signed by executives and agents of Google and Facebook, and which bore corporate stamps embossed with those companies’ names. He submitted these bogus documents to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer.
Lithuanian authorities arrested Rimasauskas in March 2017 and he was extradited to the Southern District of New York in August 2017, where he was prosecuted by the Complex Frauds and Cybercrime Unit. The one count of wire fraud he pled guilty to carries a potential maximum sentence of 30 years in prison. He is scheduled to be sentenced on July 24, 2019.
The FBI calls this type of fraud a Business Email Compromise, which has grown by 1,300 percent since January 2015. The FBI estimates that this scheme has resulted in companies having been defrauded of more than $3 billion in recent years. Although Google and Facebook reportedly have recovered most of their money, there is no guarantee that any money will be recovered in such cases.
This scheme succeeded despite the strong financial controls in place at Google and Facebook. The weak link proved to be email and the unsuspecting individuals in those organizations who responded to those fraudulent emails. The growing popularity of this kind of attack points to the need for serious fine-tuning of financial controls and periodic training of all employees on the nature and danger posed by email phishing.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.