Five years in the clink for super-crook who scammed Google, Facebook out of $120m with fake tech invoices

Lithuanian bloke locked up for mother of all phishing capers

A Lithuanian hacker will spend the next five years behind bars for masterminding a $120m (£92.05m) scam that involved emailing fake IT equipment invoices to Facebook and Google.

A US district court in New York on Thursday handed Evaldas Rimasauskas the 60-month sentence, along with a bill for $26,479,079 in restitution, after he admitted to one count of wire fraud. He had faced a maximum of 30 years in the cooler.

This came after Rimasauskas pleaded guilty to overseeing the phishing scam that allowed him to collect money transfers from Google and Facebook under the guise of a Taiwanese equipment manufacturer.

The super-fraud pulled off the massive cash scam by creating lookalike domains and email accounts for Quanta, a Far Eastern contract manufacturer that builds, among other things, server components.

Those fake accounts were then used to contact employees at both Facebook and Google between 2013 and 2015 and supply them with phony invoices that each of the tech giants thought were for real purchases (they were, mind you, likely doing business with the real Quanta while this was going on.)

Rimasauskas then directed his victims to make wire payments into overseas accounts he controlled.

While these sort of business email compromise attacks are hardly new concepts, it is rare to see one succeed against two companies of this size and net such a large payout for the attacker. When all was said and done, it was estimated that the two tech giants filled Rimasauskas' coffers to the tune of just over $120m.

cash

VCs find exciting new way to blow $1m: Wire it directly to hackers after getting spoofed

READ MORE

He was indicted on the charge just before Christmas of 2016, got picked up by Lithuanian police in March of 2017, made his initial US court appearance in August of that year, and finally agreed to take the guilty plea on one count of wire fraud in March of 2019.

Now, almost exactly three years after his indictment was filed under seal, Rimasauskas has been given the five-year prison term. Following his release, he will also face deportation to Lithuania.

"Evaldas Rimasauskas devised an audacious scheme to fleece U.S. companies out of more than $120m, and then funneled those funds to bank accounts around the globe," boasted US attorney Geoffrey Berman, prosecutor in the case.

"Rimasauskas carried out his high-tech theft from halfway across the globe, but he got sentenced to prison right here in Manhattan federal court." ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020