Tech Duo Stung for $122m by BEC Attacker

A Lithuanian man has pleaded guilty to an audacious Business Email Compromise (BEC) scam which tricked Google and Facebook employees into wiring him $122m.

Evaldas Rimasauskas, 50, of Vilnius, pleaded guilty to one count of wire fraud, which carries a maximum sentence of 30 years in prison, it was announced yesterday.

His whaling scheme involved the registration of a company in Latvia with the same name as Quanta Computer, a data centre hardware manufacturer that both Google and Facebook did business with. He also opened bank accounts in the firm’s name in Latvia and Cyprus, according to court documents.

Rimasauskas then sent emails to both tech giants spoofed to appear as if sent from Quanta and demanding payment for non-existent goods and services rendered.

Once he received the funds, reportedly $99m from Facebook and $23m from Google, he quickly transferred them to a variety of different accounts across the globe, in Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.

Rimasauskas even forged invoices, contracts, and letters, including fake corporate stamps, on behalf of Facebook and Google to deceive the banks to which the fraudulently obtained funds were initially wired.

He was arrested in Lithuania in March 2017 and subsequently extradited to the US in March 2017, according to the DoJ.

Google and Facebook aren’t the first firms to have been caught out by BEC tactics. The CEO of an Austrian aerospace manufacturer was sacked after such a scam cost the firm €50 million ($55.8m).

The FBI reported total estimated worldwide losses from BEC to have exceeded $12.5bn between October 2013 and May 2018.