One of the major messages of the #SecureOurWorld Cybersecurity Awareness Month is for computer users to educate themselves on how to recognize and reporting phishing schemes. One of the most insidious forms is spear phishing, which uses social engineering to craft a believable fraudulent scenario using personally recognizable details in order to extract proprietary information or money. And if you encounter someone who thinks they’re too smart to fall for a spear phishing scam, well, tell them the tale of Valdas Rimasauskas, who managed to spear phish more than $120 million from no less than Google and Facebook between 2013 and 2015 in a case of business email compromise. Let’s dive into this week’s Tech Time Warp.
The Lithuanian Rimasauskas posed as the Taiwanese company Quanta Computer—a real-life company that did real-life business with Facebook and Google. He opened bank accounts in Latvia and Cyprus under the Quanta Computer name, which made later communications to Facebook and Google employees very believable. These communications included forged contracts with falsified corporate seals that accompanied fake invoices containing wire instructions for Rimasauskas’ accounts. The employees targeted by the spear phishing attack “regularly conducted multimillion-dollar transactions” on behalf of Facebook and Google, according to the U.S. Department of Justice, so alarm bells didn’t go off in their heads.
Once Rimasauskas received wire transfers, he quickly stashed the funds in other bank accounts around the world. Eventually, someone at Google detected the fraud, and Lithuanian law enforcement apprehended Rimasauskas in March 2017. He pled guilty to wire fraud in March 2019 and was sentenced to five years in federal prison.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: Faizal Ramli / Shutterstock
