Email Scammer Takes $100 Million

A man has been arrested after allegedly scamming two US companies into sending him more than a hundred million dollars online. He posed as a legitimate computer manufacturer and issued bogus requests for payment.

The companies haven't been named, but prosecutors say one is a "multinational technology company" and the other a "multinational online social media company."

Evaldas Rimasauskus was arrested in Lithuania last week and has been charged in US courts with one count of wire fraud, one count of aggravated identify theft, and three counts of money laundering.

Bogus Company Had Same Name

Prosecutors say he set up and incorporated a company in Latvia that had the same name as a computer hardware manufacturer from Asia. He then set up bank accounts in that name in Latvia and Cyprus.

According to the prosecutors, Rimasauskus then sent a series of phishing emails to the two US victim companies. Unlike most phishing, he wasn't attempting to get them to hand over passwords or other security details. Instead it's alleged he sent emails requesting payment into his bank accounts, creating the false impression it was the Asian hardware manufacturer making the request.

The scam appears to have worked not only because the two US companies were regular clients of the hardware manufacturer, but because the bogus emails mentioned legitimate goods and services that the US companies had bought. It wouldn't have been out of the ordinary for the US companies to make multimillion-dollar payments. Prosecutors didn't say whether Rimasauskus had used phishing or other security breaches to get the details needed to make the payment requests themselves look legitimate. (Source: bbc.co.uk)

Money Quickly Siphoned Off

After receiving the payments, Rimasauskus is said to have quickly moved the money into different accounts in at least six different countries. He used forged paperwork including bogus corporate stamps to get around bank rules, which aim to verify the source of money involved in such large banks transfers.

Acting US attorney Joon H Kim said in a press release that "This case should serve as a wake-up call to all companies -- even the most sophisticated -- that they too can be victims of phishing attacks by cyber criminals." (Source: justice.gov)

What's Your Opinion?

Are you surprised two companies, particularly ones involved in technology, could fall for such a scam? How much responsibility do the victim companies bear for not verifying the bank details? Can organizations and Internet providers do more to make it harder to send bogus emails?