Even the most tech savvy companies in the world can fall for business email compromise.

A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers.

Fifty-year-old Evaldas Rimasauskas registered and incorporated a company in Latvia with the same name as Quanta Computer, a Taiwan-based electronics manufacturing giant that which been operating since the 1980s.

Knowing that Facebook and Google used Quanta’s technology in their data centers, Rimasauskas sent emails to the firms claiming to come from Quanta with forged invoices and fraudulent contracts.

All of the messages were designed to create the false impression that they had been sent by employees and agents of Quanta but had – of course – not been authorized or sent by them at all.

Through this subterfuge, Rimasauskas successfully managed to deceive the technology giants into wiring payments into bank accounts he had set up in the bogus company’s name in Cyprus and Latvia. Upon receipt, the funds would be quickly transferred into other bank accounts at various locations around the world including Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.

Rimasauskas was arrested by Lithuanian authorities in March 2017 and was extradited to the United States eight months later.

At the time of his arrest, Quanta confirmed it had been impersonated by the fraudster but said that it had suffered no financial harm itself.

In a statement issued at the time of Rimasauskas’s arrest, Quanta described the matter as “unfortunate.”

I’m not sure that Google and Facebook who lost $123 million through the scam would find “unfortunate” to be a satisfactory way to describe their being targeted in this way, (Read more...)