A Lithuanian man admitted today to defrauding Google and Facebook out of $ 123 million by using fake invoices to trick employees into money to his bank accounts.
The man, Evaldas Rimasauskas, 50, guilty today in a New York court and now faces a sentence of up to 30 years in prison for his crimes.
Rimasauskas was arrested by Lithuanian authorities in March 201
He targeted Google and Facebook because both companies run their
According to court documents, Rimasauskas operated by sending emails made to look like they were coming from Quanta to both Google and Facebook, and demanding pay for alleged services and products
Facebook and other employees in mission requested payments to the bank accounts provided by Rimasauskas, located at banks in Latvia and Cyprus.
US authorities said that they were immediately transferred to other banks in Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong, at accounts controlled by Rimasauskas.
Rimasauskas ran the scheme for Three years between 2013 and 2015, allegedly defrauding Google out of $ 23 million and Facebook out of $ 100 million.
The scheme was novel at the time, but is now well known and referred to as whaling, BEC (Bussiness Email Compromise) scam , or CEO fraud
The FBI's Internet Crime Complaint Center (IC3) issued an alert in July 2018 warning that BEC scammers had defrauded companies around the world or over $ 12 billion since October 2013.  Besides Google and Facebook, other companies also lost huge sums of money in BEC scams. Previous incidents have been reported to FACC, an Austrian manufacturer of airplane parts, which lost $ 56.79 million; Leoni, a German manufacturer of wires and electrical cables, which lost $ 45 million; Crelan, and Belgian bank, which lost $ 76 million; and Pathe, a French film production and distribution company, which lost $ 21 million.
Rimasauskas' sentencing hearing has been scheduled for July 29, this year.
Related malware and cybercrime coverage: