Email phishing scam tricks two US tech firms out of $100 million

It’s been reported that a Lithuanian individual who posed as an Asian-based manufacturer tricked staff into wiring funds into bank accounts.

The culprit has been identified as 48 year old Evaldas Rimasauskas who faces charges of fraud, money laundering and identity theft. The two companies affected have not been named but are major technology firms in the US.

Rimasauskas impersonated as a computer hardware manufacturer by allegedly creating and registering a business in Latvia with an identical name as a legitimate company in Asia.

Apparently for about two years between 2013 – 2015 Evaldas (and others) masked being employees of the Asian firm and sent fraudulent phishing emails to people within the large tech companies, which supposedly performed multimillion dollar deals with the manufacturer. The victim companies transferred millions to bank accounts by following email instructions and the funds were then wired into a variety of different bank accounts worldwide including Latvia, Lithuania, Cyprus, Slovakia, Hungary and Hong Kong.

This case shows that even the largest firms can be affected, everyone is at risk of cyber attacks. Cyber criminals are constantly planning attacks so it’s vital for businesses to educate employees and have strong security procedures in place.

Methods of dealing with phishing incidents:

• User training
• Public awareness
• Security measures

Phishing by cyber criminals is a sophisticated process which takes months of preparation. The criminal usually observes their target for an exceptionally long period of time before the attack.

We’ve written another blog if you wish to find out more about phishing and what procedures to implement if you have a business.