Google and Facebook scammed out of $100 million in online phishing fraud, allegedly by Lithuanian: report

New York federal prosecutors in a December indictment didn’t name two tech companies hit for a total of $100 million in an online scam — they were Victim 1 and Victim 2 in the charging document.

Victim 1 was “a multinational technology company, specializing in internet-related services.” Victim 2 was “a multinational corporation providing online social media and networking services.”

Both were headquartered in the U.S., according to the indictment, and both conducted “multi-million-dollar transactions” with an Asian computer-hardware maker.

Now an investigation by a business-news outlet has found that Victim 1 was Google and Victim 2 was Facebook.

“In 2013, a 40-something Lithuanian named Evaldas Rimašaukas allegedly hatched an elaborate scheme to defraud U.S. tech companies,” Fortune reported April 27.

“According to the Justice Department, he forged email addresses, invoices, and corporate stamps in order to impersonate a large Asian-based manufacturer with whom the tech firms regularly did business. The point was to trick companies into paying for computer supplies.”

Authorities claim the trick worked.

“Over a two-year span, the corporate imposter convinced accounting departments at the two tech companies to make transfers worth tens of millions of dollars,” according to Fortune. “By the time the firms figured out what was going on, Rimašaukas had coaxed out over $100 million in payments, which he promptly stashed in bank accounts across Eastern Europe.”

Lithuanian authorities, acting on a warrant, arrested Rimašaukasin in March, U.S. federal prosecutors said that month in a press release.

“This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals,” acting U.S. Attorney Joon H. Kim said in the release.

Rimasauskas, facing extradition from Lithuania, denied the allegations.

“Mr. Rimasauskas cannot expect a fair and impartial trial in the U.S.A,” his lawyer Linas Kuprusevicius said in an email to Fortune.

“The uncertainty is further increased taking into account the behavior of FBI agents during the interrogations of Mr. Rimašaukas, frightening him with long years in U.S. prisons, and the transfer of computers to U.S. law enforcement officials, which was made without the presence of the owner.”

Federal prosecutors alleged Rimasauskas had registered and incorporated a company in Latvia that had the same name as the Asian hardware firm. Then, using email addresses designed to appear as if they came from the Asian company, he sent employees of the two companies bills for goods and services, prosecutors claimed.

Taiwanese electronics manufacturer Quanta Computer has said it was the Asian company the scammer impersonated.

Google and Facebook told Fortune they were indeed the firms targeted in the scam. Google said it had “recouped the funds” and Facebook said it had “recovered the bulk of the funds shortly after the incident.”

The events raise questions about whether the companies should have reported the scam to shareholders, Fortune reported. Beyond the initial financial loss, reputational issues connected to internal controls over assets could have been material, the article suggested.

Google and Facebook did not immediately respond to a request from SiliconBeat for an explanation as to why investors were reportedly not notified.

In a statement that didn’t provide that explanation, Google said, “We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we’re pleased this matter is resolved.”

Facebook also didn’t provide the explanation, and said in a statement, “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”



Photo: A Google data center in Council Bluffs, Iowa. (AP Photo/Google, Connie Zhou, File)


Tags: , , , , , , , ,


Share this Post

  • I dont get it … what did they buy from them to warrant the exchanging of funds in the millions ?

    • Hiren Patel

      Computer supplies, impersonating a vendor they regularly did business with. I can see how at the scale google and facebook buy computer equipment, it can get to such large amounts without too much trouble..