Shortly before Christmas, a man from Lithuania was sentenced to 5 years in prison for stealing over $120 million from Facebook and Google employees. He was extradited to the US in 2017, pleaded guilty in March and was sentenced by a Manhattan judge last Thursday.
Fraudulent Business Email Compromise Scheme
From 2013 to 2015 a Lithuanian citizen, Evaldas Rimasauskas, helped orchestrate a fraudulent business email compromise scheme to deceive employees from tech giants such as Facebook and Alphabet Inc.’s Google.
First, he created a company in Latvia that impersonated an existing Taiwan-based computer hardware manufacturer called Quanta Computer Inc. Next, he opened bank accounts around the world, in places like Cyprus, Hungary, Latvia, Lithuania, Slovakia and Hong Kong.
Thereafter, unnamed co-conspirators sent fraudulent phishing emails to Facebook and Google employees as well as agents who regularly conducted multi-million dollar transactions with Quanta. The scammers sent them fake letters, contracts, invoices and told them that the companies owed Quanta money.
Undetected for Almost Two Years
The fraud went on from 2013 to 2015 and allegedly netted about $20 to $30 million from Google and well over $100 million from Facebook.
The documents bore false corporate stamps and some appeared to have been signed by executives and agents from Facebook and Google. Payments were directed to the phony company’s bank accounts and correspondent banks in New York and other cities.
Google detected the fraud, alerted authorities and has recouped the funds. Facebook recovered the bulk of the millions that had been stolen. Both companies worked closely with law enforcement agencies in their investigations.
Sentenced to Prison for Wire Fraud
Evaldas Rimasauskas was arrested by Lithuanian authorities in 2017 and extradited to the US. He faced a maximum prison sentence of 30 years.
The 50-year old man was sentenced by a Manhattan judge last week. In addition to the 5-year prison term, Rimasauskas has to serve two years of supervised release, forfeit close to $50 million and pay a restitution of $26 million.
Wake-Up Call to All Companies
Rimasauskas and his co-conspirators clearly had an in-depth understanding of big companies’ financial structures and operations. Companies of that size typically use advanced invoice and contract management software and follow industry-standard best practices. Nonetheless, the scammers were able to steal millions over a two-year period.
When Rimasauskas was extradited to the US, an acting US attorney gave a clear warning: “This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable.”
Only One Arrested
So far, Rimasauskas has been the only one arrested and sentenced in connection to the fraud. Meaning his co-conspirators are still at large.
According to the FBI, the risk from similar cybercrimes is growing. Since 2015, an estimated $3 billion has been defrauded from companies. Business email compromise (BEC) scams are up 1300% since 2015.