How to Phish Google and Facebook and Make Millions

Evaldas Rimasauskas, a Lithuanian man, became very rich. How? He is a criminal who used his lying skills to get more than $100 million from companies such as Facebook and Google between 2013 and 2015.

He’s now in jail, but during his trial, Rimasauskas admitted that he was guilty of several crimes including money laundering, wire fraud and identity theft. According to court records, Rimasauskas created a Latvian company called Quanta Computer Incorporated, which was the same name as a computer hardware company. He then opened several bank accounts in five different countries, which enabled him to keep the scheme up for so long.

How Did He Do It?

He forged contracts, invoices and letters from existing companies, which he then submitted to banks for wire transfers. By spoofing email addresses and using the same name as a well-known hardware company, he was able to do this without being caught, at least for a couple of years. The fake invoices, combined with phishing and various forms of social engineering, made the victim companies think they were getting bills from a legitimate vendor. Once he got the money, he could distribute the cash to his other accounts, in an attempt to cover his tracks.

Rimasauskas is certainly not the only person out there trying these schemes. Fake invoices are not at all a new scam. Criminals bombard businesses every day with invoices for products and services they've never consumed, and when accounts payable receives an invoice and a demand for payment, they often just write a check or wire the money.

The Internet Crime Complaint Center, which is part of the FBI, has said that these schemes have cost organizations more than three billion dollars in a little over three years. This was a whopping 1,300% increase when compared to the previous years. Before any invoice is ever paid, there needs to be an inquiry into the source of the invoice, a discussion of who the vendor is and if a payment is actually due.
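
The inquiry described above can be run as a fixed check before any payment is released. The following is an added example, not part of the original post: it compares an invoice with the vendor master record and open purchase orders, so an invoice that only shares a known vendor's name is held. The `review_invoice` helper and all names, domains and account strings are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Vendor:  # one record from the vendor master file
    name: str
    email_domain: str
    country: str
    bank_account: str

@dataclass(frozen=True)
class Invoice:
    vendor_name: str
    sender_email: str
    country: str
    bank_account: str
    po_number: Optional[str]
    amount: float

def review_invoice(inv, vendors, open_pos):
    """Return reasons to hold payment; an empty list means every check passed."""
    vendor = vendors.get(" ".join(inv.vendor_name.lower().split()))
    if vendor is None:
        return ["vendor not in master file"]
    findings = []
    # A matching name proves nothing: compare every attribute held on file.
    domain = inv.sender_email.rsplit("@", 1)[-1].lower()
    if domain != vendor.email_domain:
        findings.append(f"sender domain {domain} is not {vendor.email_domain}")
    if inv.country != vendor.country:
        findings.append("invoice country differs from vendor record")
    if inv.bank_account != vendor.bank_account:
        findings.append("bank account is not the one on file")
    # Is a payment actually due? Require an open purchase order for this amount.
    po_amount = open_pos.get(inv.po_number)
    if po_amount is None:
        findings.append("no open purchase order")
    elif abs(po_amount - inv.amount) > 0.01:
        findings.append("amount differs from purchase order")
    return findings

# Constructed sample data (not real companies, domains or accounts).
VENDORS = {"example hardware inc": Vendor(
    "Example Hardware Inc", "examplehardware.example", "US", "ACCT-ON-FILE-0001")}
OPEN_POS = {"PO-1001": 25000.00}
GENUINE = Invoice("Example Hardware Inc", "ar@examplehardware.example",
                  "US", "ACCT-ON-FILE-0001", "PO-1001", 25000.00)
LOOKALIKE = Invoice("Example Hardware Inc", "billing@examplehardware-inc.example",
                    "LV", "ACCT-NEW-9999", None, 98000.00)

if __name__ == "__main__":
    for inv in (GENUINE, LOOKALIKE):
        print(inv.sender_email, review_invoice(inv, VENDORS, OPEN_POS) or "ok to pay")
```

Any finding should put the payment on hold until the vendor confirms it through contact details already on file, not those printed on the invoice.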

The Maximum Jail Sentence Is…

Since Rimasauskas pleaded guilty, there is no doubt that he is heading to jail for a long time, and he faces a max sentence of 30 years. He has also agreed to pay back almost $50 million, which is the amount that the U.S. government was able to track as well as the amount listed in the indictment for the wire fraud charge that he faced.

If he is found guilty of every charge, he could see as much as three decades in prison. What about the companies that have been victims of Rimasauskas? According to reports, the money has been recouped, at least in the case of Google. Facebook and other companies have not yet shared if the money Rimasauskas took has been taken back.

There is so much more to this, and, while I can’t solve all the world’s problems, I can at least make you cyber-security smarter and digitally literate. Take a look at our eLearning Courses and our S.A.F.E. Certification.

Robert Siciliano, personal security and identity theft expert and speaker, is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock 'em dead in this Security Awareness Training video.