Two US technology firms have been tricked out of $100m (£80.3m) through an email phishing scam. A Lithuanian man has been charged in his home country last week after deceiving the firms from at least 2013 up until 2015.
Evaldas Rimasauskas, 48, posed as an Asian-based computer hardware manufacturer used a series of email phishing attacks, which led to staff transferring money into a number of bank accounts under his control.
Mr Rimasauskas was arrested by the Lithuanian authorities last week and charged with wire fraud, money laundering and aggravated identity theft by prosecutors in the southern district of New York. The sentence could carry 20 years in prison.
The US companies have not been named, but are thought to be US-based multinationals, with one operating in social media.
US officials said that this is a wake-up call for “the most sophisticated” firms.
The Department of Justice said: “Thereafter, fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company.”
The emails, which “purported” to be from employees and agents of the Asian firm, and were sent from fake email accounts, directed money for legitimate goods and services into Mr Rimasauskas’s accounts, they added.
Money was thought to be wired to different bank account in several locations around the world, including, Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.
Mr Rimasauskas also forged invoices, contracts and letters in order to hide his fraud from the banks. Officials said that he siphoned off more than $100m in total. However, much of the money stolen has been recovered.
Acting US Attorney Joon H Kim said: “This case should serve as a wake-up call to all companies… that they too can be victims of phishing attacks by cybercriminals.
“And this arrest should serve as a warning to all cybercriminals that we will work to track them down, wherever they are, to hold them accountable.”
The justice department did not comment on possible extradition, but said the case had been assigned to a US district judge.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.