A man used a business email compromise (BEC) scam to defraud two internet companies based in the United States out of 100 million dollars.
On 21 March, the FBI along with the U.S. Attorney’s Office for the Southern District of New York announced criminal charges against Evaldas Rimasauskas, 48, of Vilnius, Lithuania. Lithuanian authorities arrested Rimasauskas in mid-March. They did so on the basis of a provisional arrest warrant that alleges the man orchestrated a wire fraud scheme that targeted U.S. firms.
In or around 2013, Rimasauskas set his plan in motion when he incorporated a company in Latvia (“Company-2”) that bore the same name as a computer hardware manufacturer based in Asia (“Company-1”). He also opened numerous bank accounts for Company-2 in Latvia and Cyprus.
From there, it was just a matter of perpetrating a business email compromise (BEC) scam against companies that regularly dealt with Company-1. But unlike regular BEC scams, which have cost victims more than $3 billion since 2013, Rimasauskas didn’t hack any email accounts belonging to Company-1. He instead relied on the similarities between Company-1 and Company-2 to work in his favor.
The U.S. Department of Justice elaborates on this point in a blog post:
“… [F]raudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS. These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by staff members and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1. This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions.”
In total, Rimasauskas stole $100 million from two victim U.S. companies, a multinational technology company and a multinational social media company. Once they wired over the funds, he moved them to bank accounts under his control. He even forged letters that appeared to have originated from the Victim Companies to authorize the account transfers.
Rimasauskas is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison. He also faces one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.
Organizations can protect themselves against attackers like Rimasauskas by educating their employees about phishing attacks. This resource is a good place to start.