Man who stole over $100 million from Facebook and Google pleads guilty
A man from Lithuania has been convicted of stealing over $100 million from Facebook and Google by sending them fake invoices.
Evaldas Rimasauskas pleaded guilty this week after being arrested in 2017. Between 2013 and 2015, Rimasauskas sent phishing emails to both tech companies disguised as invoices demanding payments. And over the course of those two years, both companies paid up: Google an estimated $23 million, and Facebook a whopping $98 million.
Now before you think of turning to a life of crime and start authoring your own fake invoice emails, it wasn’t quite as easy as just sending out fake invoices to large tech companies and waiting for the money to roll in. Rimasauskas is a professional cyber crook, and there was plenty of work that went into making the scam as believable as possible.
Firstly, he set up a company in Latvia under the same name as a real company that both Facebook and Google worked with, Quanta Computers – the real Quanta is based in Taiwan. This made the fund request on the invoice appear more convincing. He also set up a network of fake bank accounts across the world to funnel his ill-gotten gains into, in an attempt to mask his digital paper trail.
Then of course there are the invoices themselves, which used fake embossed corporate stamps and were designed to look just like a real invoice that someone working in the accounting department of either Facebook or Google would come across every day. The invoices had to list services and products that Facebook and Google would normally use in order to avoid suspicion, and the value of the invoice would have to be something the accounting department would be familiar with.
Of course, companies like Facebook and Google pay lots of money for services they hire, so Rimasauskas was able to fleece a great deal of money from the two companies.
Rimasauskas may have put a fair deal of extra effort into these scams, but it’s still a pretty basic fake invoice phishing scam of the kind that has been around for years, so it’s still something that tech companies in particular shouldn’t be falling for.
It’s an important lesson for accounting and finance departments: verify that invoices are the real deal before coughing up the money. Businesses can put a number of checks and procedures in place to make sure they don’t get conned in this way.
For example, keep the payment details of companies you regularly transfer money to on file, and require strict checks if those payment details ever change. Always require multiple people – including at least someone well versed in cyber-crime – to sign off and approve large payments, and always educate your staff in how such scams can work.
And remember, anyone can send you an invoice and anyone versed in digital artwork software like Photoshop can make invoices appear to have originated from legitimate companies.
Since his arrest, Google has claimed to have retrieved all of its stolen money, and Facebook has claimed it has gotten “most of it” back. As for Rimasauskas himself, he pleaded guilty this week and is looking at a possible 30-year stretch in a US jail when he’s sentenced in July this year.