Google And Facebook Hooked By $100m Phishing Scheme

Google and Facebook have acknowledged they were tricked out of more than $100 million (£77m) in a sophisticated phishing scam, in a case that highlights the growing sophistication of online fraud.

In late March the US justice department said it had charged a Lithuanian man named Evaldas Rimasauskas, 48, with impersonating Taiwanese electronics manufacturer Quanta Computer in order to target two US technology companies, who weren’t named in the original indictment.

Elaborate scheme

An investigation by Fortune has now indicated the companies involved were Google and Facebook, who are amongst Quanta’s clients, along with Apple and others.

Rimasauskas’ elaborate fraud, conducted between 2013 and 2015, allegedly involved establishing bank accounts in Latvia and Cyprus in Quanta’s name and tricking Facebook and Google into sending funds to those accounts by means of false invoices.

Both Google and Facebook regularly conducted multimillion-dollar transactions with Quanta, the Justice Department said.

Rimasauskas allegedly supplied banks with forged invoices, contracts and letters that appeared to have been signed and stamped by Facebook and Google in order to make the funds he received appear to have been in payment for legitimate transations.

After the funds were received he transferred them to other accounts in countries including Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong, prosecutors said.

Online fraud on the rise

Facebook said it had recovered the bulk of the funds shortly after the incident and had cooperated with law enforcement authorities in the investigation, while Google, similarly, said it had detected the fraud against its vendor management team and alerted investigators.

“We recouped the funds and we’re pleased this matter is resolved,” Google said in a statement.

Rimasauskas was arrested in Lithuania in mid-March, according to investigators.

The case indicates the scale of the problem of online fraud, with even the most high-profile IT companies being affected by a problem that has more commonly been known to affect people with little awareness of technical issues, such as the elderly.

The National Audit Office (NAO) said in December that UK consumers lost at least £14.8bn to online fraud last year, while KPMG said in January that the value of fraud committed in the UK last year and reported to the court system had grown 55 percent year-on-year to £1.1bn.

UK consumers targeted

In one of the more notorious cases to strike British consumers, scammers used detailed information on TalkTalk customers that had been purchased from an outsourcing firm to make fraudulent telephone calls that were difficult to distinguish from the real thing.

The scam involved tricking users into downloading software that caused funds to be transferred from their accounts.

In another case a Dutch website developer used stolen stolen login details to access individuals’ email and social media accounts, using the information he gathered there to trick at least several hundred individuals into making fraudulent payments.

Put your knowledge of artificial intelligence (AI) to the test. Try our quiz!


Originally published at www.silicon.co.uk on May 1, 2017.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.