In March, it was reported that a Lithuanian man had been charged over an email phishing attack against "two US-based internet companies" who were not named at the time.
They had allegedly been tricked into wiring more than $100m to the alleged scammer's bank accounts.
On 27 April, Fortune reported that the two victims
were Facebook and Google.
The
man accused of being behind the scam, Evaldas Rimasauskas, 48,
allegedly posed as an Asia-based manufacturer and deceived the companies
from at least 2013 until 2015.
"Fraudulent phishing emails were
sent to employees and agents of the victim companies, which regularly
conducted multimillion-dollar transactions with [the Asian] company,"
the US Department of Justice (DOJ) said in March.
These
emails purported to be from employees of the Asia-based firm, the DOJ
alleged, and were sent from email accounts designed to look like they
had come from the company, but in fact had not.
The DOJ also
accused Mr Rimasauskas of forging invoices, contracts and letters "that
falsely appeared to have been executed and signed by executives and
agents of the victim companies".
"We detected this fraud against
our vendor management team and promptly alerted the authorities," a
spokeswoman for Google said in a statement.
"We recouped the funds and we're pleased this matter is resolved."
However, the firm did not reveal how much money it had transferred and recouped.
Nor
did Facebook - but a spokeswoman said: "Facebook recovered the bulk of
the funds shortly after the incident and has been cooperating with law
enforcement in its investigation."
Big firms targeted
"Sometimes
staff [at large firms] think that they are defended, that security
isn't part of their job," said James Maude at cyber-security firm
Avecto, commenting on the phishing threat facing big companies.
"But people are part of the best security you can have - that's why you have to train them."
He
also told the BBC that Avecto's clients have recounted phishing
attempts that used senior staff's hacked email accounts to convince
employees that a request to wire out money was genuine.
The sophistication of phishing scams has increased lately, according to a recent Europol report.
In order to avoid succumbing to such fraud, firms are advised to carefully verify new payment requests before authorising them.
No comments:
Post a Comment