How to Phish Google and Facebook and Make Millions

Evaldas Rimasauskas, a Lithuanian man, became very rich. How? He is a criminal who used his lying skills to get more than $100 million from companies such as Facebook and Google between 2013 and 2015.

He’s now in jail, but during his trial, Rimasauskas admitted that he was guilty of several crimes including money laundering, wire fraud and identity theft. According to court records, Rimasauskas created a Latvian company called Quanta Computer Incorporated, which was the same name as a computer hardware company. He then opened several bank accounts in five different countries, which enabled him to keep the scheme up for so long.

How Did He Do It?

He basically used his skills to forge contracts, invoices and letters from existing companies, which he then submitted to banks for wire transfers. By doing things like spoofing email addresses and using the same name as a well-known hardware company, he was easily able to do this without being caught, at least for a couple of years. Fake invoices, together with phishing and various forms of social engineering, made the victim companies think they were getting bills from a legitimate vendor. Once he got the money, he could distribute the cash to his other accounts in an attempt to cover his tracks.

Rimasauskas is certainly not the only person out there trying these schemes. Fake invoices are not at all a new scam. Criminals bombard businesses every day with invoices for products and services they’ve never consumed, and when accounts receivable receives an invoice and demand for payment, they often just write a check or wire the money.

The Internet Crime Complaint Center, which is part of the FBI, has said that these schemes have cost organizations more than three billion dollars in a little over three years. This was a whopping 1,300% increase when compared to the previous years. Before any invoice is ever paid, there needs to be an inquiry into the source of the invoice, a discussion of who the vendor is and if a payment is actually due.
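Part of the pre-payment inquiry described above can be automated. The following is an added example, not code from the original post: it compares an incoming invoice with the vendor record on file, and the record layout, field names and all sample values are constructed assumptions.

```python
import re
from dataclasses import dataclass

SUFFIXES = {"inc", "incorporated", "ltd", "limited", "llc", "corp", "co"}

@dataclass(frozen=True)
class Vendor:            # record confirmed when the vendor was onboarded
    name: str
    country: str
    email_domain: str
    accounts: frozenset  # bank accounts verified out-of-band

@dataclass(frozen=True)
class Invoice:
    vendor_name: str
    vendor_country: str
    sender_email: str
    account: str
    po_number: str       # empty string when the invoice cites no purchase order

def normalise(name):
    """Drop punctuation and legal suffixes so 'X Inc.' equals 'X Incorporated'."""
    words = re.sub(r"[^a-z0-9 ]", "", name.lower()).split()
    return " ".join(w for w in words if w not in SUFFIXES)

def review_invoice(inv, vendors, open_pos):
    """Return reasons to hold payment; an empty list means no red flag was found."""
    by_name = {normalise(v.name): v for v in vendors}
    known = by_name.get(normalise(inv.vendor_name))
    if known is None:
        return ["vendor not in vendor master"]
    reasons = []
    if inv.vendor_country != known.country:
        reasons.append("name matches a known vendor registered in another country")
    # A From address can be spoofed: a matching domain alone clears nothing.
    if inv.sender_email.rsplit("@", 1)[-1].lower() != known.email_domain:
        reasons.append("sender domain differs from the domain on file")
    if inv.account not in known.accounts:
        reasons.append("bank account not on file")
    if inv.po_number not in open_pos.get(known.name, set()):
        reasons.append("no open purchase order: payment may not be due")
    return reasons

# Constructed sample data (hypothetical vendor, domains and account labels).
VENDORS = [Vendor("Acme Hardware Inc.", "TW", "acme-hardware.example",
                  frozenset({"TW-ACCT-0001"}))]
OPEN_POS = {"Acme Hardware Inc.": {"PO-1001"}}
GENUINE = Invoice("Acme Hardware Inc.", "TW", "ap@acme-hardware.example",
                  "TW-ACCT-0001", "PO-1001")
LOOKALIKE = Invoice("Acme Hardware Incorporated", "LV",
                    "billing@acme-hardware-inc.example", "LV-ACCT-9999", "")
```

Any non-empty result from `review_invoice` should route the invoice to a person who confirms it with the vendor through contact details already on file, not those printed on the invoice.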

The Maximum Jail Sentence Is…

Since Rimasauskas pleaded guilty, there is no doubt that he is heading to jail for a long time, and he faces a max sentence of 30 years. He has also agreed to pay back almost $50 million, which is the amount that the U.S. government was able to track as well as the amount listed in the indictment for the wire fraud charge that he faced.

If he is found guilty of every charge, he could see as much as three decades in prison. What about the companies that have been victims of Rimasauskas? According to reports, the money has been recouped, at least in the case of Google. Facebook and other companies have not yet shared if the money Rimasauskas took has been taken back.

There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate. Take a look at our eLearning Courses and our S.A.F.E. Certification.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock ’em dead in this Security Awareness Training video.

Facebook + Hackers – Privacy = You Lose

I’m as sick of writing about it as you are sick of reading about it. But because Facebook has become a societal juggernaut: a massive inexorable force that seems to crush everything in its way, we need to discuss it because it’s messing with lots of functions of society.

We should all now know that whatever you post on Facebook is not private. You may think it is, but it isn’t. Even though you may have gone through all kinds of privacy settings and locked down your profile, Facebook has changed them up internally so many times that they may have defaulted to something far less private than what you previously set.

Furthermore, no matter how private you have set them to, if you friend someone who you don’t know (like that human resource officer), they see what’s “private” and anyone on the “inside” can easily replicate anything you post to the world.

The activist groups waging what amounts to an undeclared war against the social-networking site for the last year, complete with no fewer than three letters to federal regulators claiming Facebook’s actions are illegal, said that they’re hardly ready to declare a truce.

Attacks targeting Facebook users will continue, and they could easily become even more dangerous. Computerworld reports: “There are limitations to what Facebook can do to stop this,” said Patrik Runald, a U.K.-based researcher for Websense Security Labs. “I wouldn’t be surprised to see another attack this weekend. Clearly, they work.”

Websense has identified more than 100 variations of the same Facebook attack app used in the two attacks, all identical except for the API keys that Facebook requires.

What does this mean to you?

For crying out loud, stop telling the world you hate your boss, neighbor, students’ teachers, or spouse and you’d like to boil a bunny on the stove to teach them a lesson. I guarantee even if you are kidding, someone won’t like it. What you say/do/post lasts forever.

Stop playing the stupid 3rd party games. When you answer “25 questions about whatever” that data goes straight into the hands of some entity that you would never have volunteered it to.

Make sure your PC is secured. Keep your operating system up to date with security patches and anti-virus, and don’t download anything from any email you receive or click links in the body of any email. Once you start messing with these files you become a Petri dish spreading a virus.

Robert Siciliano, personal security expert to Home Security Source, discussing Facebook scams on CNN.