Google And Facebook Duped In $100 Million Email Phishing Scam

One might assume that some of the world's largest tech companies would be far too sophisticated to fall for the most generic of web scams, but these same companies are also staffed by real humans who can make mistakes. Unfortunately, those slip-ups can cost other people a lot of headaches and money.

Case in point: Google and Facebook. From the attorney's office for the Southern District of New York, we learn of a Lithuanian man named Evaldas Rimasauskas who managed to scam a staggering $100 million out of Google and Facebook directly, and it all happened through basic social engineering.

Between 2013 and 2015, Rimasauskas incorporated a company in Latvia which bore the same name as an Asian computer manufacturer, to appear legitimate, and then sent phishing emails to key people at Google and Facebook to see who would be sucked in. The people targeted regularly conduct large transfers involving millions of dollars, so sending this much would have seemed routine, especially when these transactions were going through to a recognizable name, or at least so they thought.

After he successfully received the funds from each one of these companies, Rimasauskas immediately wired the money into different bank accounts across the globe. Further, he faked invoices and contracts to appear as if they were signed off by staff of the victim companies.

Rimasauskas is ultimately being charged with three counts of money laundering and one count of aggravated identity theft. The former can result in up to 20 years in prison for each offense, while the latter carries a minimum sentence of 2 years in prison.

In a statement, US Attorney Joon H. Kim says that this "case should serve as a wake-up call to all companies". You can say that again.