A Lithuanian man has been charged with defrauding two major US tech companies of $100 million via an email phishing scam.
In a statement issued this week, the US Department of Justice (DoJ) said that Lithuanian native, Evaldas Rimasauskas masterminded a sophisticated phishing scheme that over the course of two years targeted US firms. The Eastern European managed to con the tech giants out of $100 million by pretending to be a legitimate Asian business partner of at least one of the victims.
The charges of wire fraud, money laundering and aggravated identity theft mean that Rimasauskas could face a maximum prison sentence of 20 years if convicted. “This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals,” acting US Attorney General, Joon Kim, said in a statement.
Rimasauskas conducted the scam by posing as a computer hardware manufacturer, creating his own company, registered in Latvia, that held the same name as the US tech firms legitimate partner in Asia.
By forging letters, invoices, corporate stamps and contracts in the same names of the US targeted companies, Rimasauskas, was able to send email instructions that the companies then used to wire tens of millions of dollars to bank accounts in Lithuania, Latvia, Cyprus, Slovakia, Hungary and Hong Kong, attempting to conceal his involvement through misdirection and technical sleight of hand.
According to the DoJ, Rimasauskas, was able to scam a total of over $100 million from the tech firms. Most of that money however, has now been recovered.
The names of the two US firms involved has so far not been revealed.
“This arrest should serve as a warning to all cybercriminals that we will work to track them down, wherever they are, to hold them accountable,” said acting Attorney General, Koon.