Earlier this year it was reported that a Lithuanian man had been charged over an email phishing attack against two American-based internet companies. The victims were not named at the time but have since been revealed as Google and Facebook. They had allegedly been tricked into wiring more than $100m to the alleged scammer’s bank accounts.
The man behind the scam, Evaldas Rimasauskas, allegedly posed as an Asia-based manufacturer and deceived the companies from at least 2013 until 2015. The Department of Justice said that ‘Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion dollar transactions with ‘the Asian’ company’. Mr Rimasauskas was accused of forging invoices, contracts and letters.
A spokeswoman for Google said, ‘We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we’re pleased this matter is resolved.’ However, the firm did not reveal how much money it had transferred and recouped. Neither did Facebook, but a spokeswoman said, ‘Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.’
Commenting on the phishing threat facing big companies, James Maude at Avecto (a cyber-security firm) said, ‘Sometimes staff think that they are defended, that security isn’t part of their job. But people are part of the best security you can have – that’s why you have to train them.’
According to a Europol report, the sophistication of phishing scams has increased lately. ‘CEO fraud’ – in which executives are impersonated by the scammer – is a particular worry. Such attacks often take advantage of publicly reported events such as mergers, where there may be some degree of internal flux and uncertainty. Firms are being advised to carefully verify new payment requests before authorising them.
www.bbc.co.uk/technews (28th April 2017)