Email Scammer Takes $100 Million

John Lister's picture

A man has been arrested after allegedly scamming two US companies into sending him more than a hundred million dollars online. He posed as a legitimate computer manufacturer and issued bogus requests for payment.

The companies haven't been named, but prosecutors say one is a "multinational technology company" and the other a "multinational online social media company."

Evaldas Rimasauskus was arrested in Lithuania last week and has been charged in US courts with one count of wire fraud, one count of aggravated identify theft, and three counts of money laundering.

Bogus Company Had Same Name

Prosecutors say he set up and incorporated a company in Latvia that had the same name as a computer hardware manufacturer from Asia. He then set up bank accounts in that name in Latvia and Cyprus.

According to the prosecutors, Rimasauskus then sent a series of phishing emails to the two US victim companies. Unlike most phishing, he wasn't attempting to get them to hand over passwords or other security details. Instead it's alleged he sent emails requesting payment into his bank accounts, creating the false impression it was the Asian hardware manufacturer making the request.

The scam appears to have worked not only because the two US companies were regular clients of the hardware manufacturer, but because the bogus emails mentioned legitimate goods and services that the US companies had bought. It wouldn't have been out of the ordinary for the US companies to make multimillion-dollar payments. Prosecutors didn't say whether Rimasauskus had used phishing or other security breaches to get the details needed to make the payment requests themselves look legitimate. (Source: bbc.co.uk)

Money Quickly Siphoned Off

After receiving the payments, Rimasauskus is said to have quickly moved the money into different accounts in at least six different countries. He used forged paperwork including bogus corporate stamps to get around bank rules, which aim to verify the source of money involved in such large banks transfers.

Acting US attorney Joon H Kim said in a press release that "This case should serve as a wake-up call to all companies -- even the most sophisticated -- that they too can be victims of phishing attacks by cyber criminals." (Source: justice.gov)

What's Your Opinion?

Are you surprised two companies, particularly ones involved in technology, could fall for such a scam? How much responsibility do the victim companies bear for not verifying the bank details? Can organizations and Internet providers do more to make it harder to send bogus emails?

Rate this article: 
Average: 5 (3 votes)

Comments

Dennis Faas's picture

There is surely a lot of missing detail in this story, such as how Rimasauskus was able to know which products were being ordered from the tech comanies, which ones were received at the firms, and which ones were not paid for.

In the latter instance, the accounting department should have been able to determine whether or not an invoice was paid for, especially if the sums were huge. Even with a typical 90 days remittance this should have been spotted. I don't get it.

At any rate, I hope Rimasauskus enjoys the rest of his days in jail. It sounds like this guy is a lifetime criminal, considering he was able to forge bank paperwork and siphon money off in presumably a short amount of time.

Chief's picture

Dennis, you are correct. There is much detail missing here.
Either generally accepted accounting standards were not followed or he had a confederate on the inside.

Either one or both (my money's on the latter); I guarantee heads have or will roll.

I'd say the whale made the news and the companies are red with embarrassment which is why most of the detail was omitted.