Phishing has usually been associated with Nigerian princes and retirees who had no idea about technology. Those duped by these scams have traditionally been the laughing stock of the tech world, and the perpetrators are usually low-grade scammers looking for small fish.
These days the phishermen have widened the net and are looking for some larger fish. The DoJ is now charging a Lithuanian man named Evaldas Rimasauskas with a number of serious offenses (money laundering, identity theft, and fraud) after he succeeded in scamming two huge tech companies for north of $100 million by pretending to be an electronics manufacturer from Taiwan. A new report last week revealed that two of the large companies that were taken advantage of were Facebook and Google.
The companies both made public that their employees were taken advantage of by this scam through a series of falsified paperwork systems and a complex network of bank accounts and payment structures throughout Europe and Asia. The stunning reality is that a single criminal with some fake bank statements and invoices could dupe such massive corporations for so much money. He was able to walk through the normal safeguards and gatekeepers and produce a phishing expedition of massive proportions. The cold reality is that if one Lithuanian with a word processor and some forged emails can scam companies like Google and Facebook, the phishing world is changing rapidly.
Rimasauskas is now facing some substantial prison time because of the criminal wire fraud and a large number of counts of money laundering and identity theft. He will likely spend the rest of his life in jail. However, he is the first of what promises to be a long run of phishermen working this sort of marketplace. Both the DoJ and the FBI are now looking into the potential of this kind of large-scale cybercrime in far more detail than before. U.S. Attorney Joon H. Kim commented: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals.” As Mr. Kim so wisely points out, companies need to be far more careful than they used to be when it comes to phishing scams.
The world of Nigerian princes and retirees is becoming far more complex, and companies should be warned to vet their distributors, manufacturers, and suppliers more carefully in the coming years. Methodologies that worked 10 years ago need to be updated, and systems for cross-checking these vendors will need to be rapidly put into place. Companies like Google and Facebook can handle this sort of hit, but not everyone can.