A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time of convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies. Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.

But does he get to keep the money?

[argee]

Ivan Boesky did. 300 million as I recall. It was transferred to his wife, divorced, she kept it.
He serves a year in jail, gets out, wife gifts him most of it back.

Interesting how few controls there are

[ErichTheRed]

I've worked for big companies most of my career, and regular employees making purchases, signing contracts, etc. takes an act of God. I can't spend $100 on supplies without getting competitive bids. But there are apparently some very stupid people who have full unrestricted access to the bank accounts.

How do people fall for phishing scams anymore? Everyone has to know this by now -- never trust email requesting you to do anything involving linking to a website, sending money, etc. This could have all been resolved by someone calling and asking if they should really pay this $8 million "invoice" with an irreversible wire transfer.

It reminds me of how people were talking about the Podesta email incident as some massively complex hacking job. It wasn't -- they found out he still used Yahoo Mail and phished him. I can't believe that (a) one of the most powerful political operatives in the Clinton campaign uses Yahoo Mail, and (b) that he fell for it.