A cyber scammer is thought to have netted $100 million (£77.4 million) with a brazen phishing scam targeting some of the biggest names in tech.
Upon learning that both Facebook and Google frequently used the services of Taiwanese electronics manufacturer Quanta Computer, 48-year old Evaldas Rimasauskas allegedly began a campaign of invoicing the tech giants with forged documents purporting to be from Quanta.
Rimasauskas didn’t stop at cleverly forged invoices, though. He is alleged to have gone so far as to register and incorporate a company of his own, also called Quanta Computer. The real company’s branding was then used on fake invoices, contracts and letters, which also bore corporate stamps embossed (fraudulently, of course) with the names of Google and Facebook.
The final piece of the puzzle was billing Facebook and Google for services that Quanta Computer had legitimately undertaken. Then, all Rimasauskas had to do to tie up his operation was get the money wired to his bank accounts in Latvia and Cyprus, rather than the genuine Quanta ones in Asia.
The ruse worked, and the fake invoices were paid – totalling some $100 million. It’s thought that Rimasauskas managed to get away with the scam for two years, from 2013 to October 2015.
Rather understandably, Google and Facebook didn’t want to be identified in the trial, as it’s a rather damning for these trusted companies to fall for such fakes. However, a Fortune investigation found that the “multinational technology company, specialising in internet-related services and products” was, in fact, Google, and the “multinational corporation providing online social media and networking services” was Facebook. Once outed, both companies came clean and admitted they were, indeed, the ones to have been hit.
Both firms released statements saying they worked with the law enforcement agencies throughout the investigation and that money lost to the scam had now been recovered. It appears that maybe not all of the money found its way back, though, with Facebook admitting it “recovered the bulk of the funds”.
Though the scam may seem rather old hat now, maybe even a good old-fashioned ruse, it shows that – even in today’s world of high-tech cyber security – some of the older methods can still be devastatingly effective.