An elaborate phishing scam saw a Lithuanian cybercriminal trick two major US tech firms out of $100m. Evaldas Rimasauskas, 48, allegedly posed as an Asian hardware manufacturer, sending out phishing emails to employees of two specific US firms, duping them into wiring him millions of dollars, according to a recently unsealed US Justice Department indictment.
Rimasauskas was arrested by Lithuanian authorities last week. Between 2013 and 2015, the cybercriminal allegedly orchestrated an elaborate scam campaign, targeting two specific US firms. Authorities refrained from mentioning the names of the victim firms, identifying one as a “multinational technology company, specialising in internet-related services and products, with headquarters in the United States”, and the other as a “multinational corporation providing online social media and networking services”.
Acting US attorney Joon H Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100m to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals.”
FBI Assistant Director William F Sweeney Jr said: “As alleged, Evaldas Rimasauskas carried out a business email compromise scheme creatively targeting two very specific victim companies. He was initially successful, acquiring over $100m in proceeds that he wired to various bank accounts worldwide.”
Rimasauskas allegedly created fake contracts on fraudulent company letterheads, fake bank invoices and a range of other official-looking documents in efforts to trick the employees of victim firms into transferring large sums of money to him. He also allegedly maintained bank accounts in Latvia, Cyprus and numerous other countries across the globe.
Despite his success in duping the two tech giants into handing over millions, the cybercriminal appeared to not have been too careful covering up his digital tracks. Authorities claim that his digital footprint led investigators to unmask his con eventually leading to his arrest.
Rimasauskas has been charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum prison term of 20 years. He is also charged with one count of aggravated identity theft which carries a mandatory minimum sentence of two years.