The evolution of phishing techniques by cyber criminals has found a new milestone in the form of the recent scam involving the tech giants Facebook and Google. The scam becoming public after the indictment issued by the US Department of Justice has been based upon consistent defrauding the tech companies of $100 million over a span of two years.
In the interesting case of fraudulent email compromise scheme by a Lithuanian scammer, the indictment statement issued by the court pressed charges:
“for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS.”
Interestingly, the scheme worked over an elaborate plan, working through proper banking channels. The tech giants, were tricked for a period spanning over two years, into wiring a whopping amount of $100 million to two bank accounts located in Latvia and Cyprus. After the transfer, the poached money was swiftly routed through a variety of bank accounts scattered across different locations throughout the world. The destinations involved banks in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.
It was in March this year that the the scammer Evaldas Rimasauskas was arrested by the local authorities in Lithuania. He was later charged with orchestrating the scam scheme. Interestingly, both the tech companies targeted through the fraud stayed anonymous throughout the case. However, through an investigation study carried out by Fortune revealed the identity of the victim companies.
What emerges out of the proceedings of the case is not one, but two major concerns. Where the immediate concern is, obviously, the safety against the scams involving email phishing and fake suppliers which can successfully target even the tech-lord corporations; the second concern is more subtle in nature. The crime has raised certain questions, whose validity can not be ignored, about why the companies have so far kept mum over the matter. The Fortune report quoted a former head of the Securities and Exchange Commission, Mary Jo White’s observation:
“It triggers an obligation to tell investors about what happened.”
White further said:
“I understand the dynamic. You don’t want to provide a road map to future hackers into your system. But that doesn’t excuse not disclosing an event if it’s material.”