
Fraudster extracts $100 million from two companies using social engineering



A 48-year-old Lithuanian citizen was recently accused of defrauding two international telecommunications companies. Using his "know-how", a phishing e-mail scheme, he fraudulently extracted more than $100 million from these companies. None of this happened overnight: the Lithuanian deceived the victims for about two years, from 2013 to 2015.

The case might have gone unnoticed were it not for the huge sum the fraudster managed to obtain and the fact that the scheme involved two very large companies, where, as is commonly thought, the strictest information security rules apply. Unfortunately, the law enforcement officers investigating the case have not disclosed the names of the companies.

The defendant, Evaldas Rimaskauskas, was detained on March 21 of this year in New York. He is charged with one count of fraud using electronic means of communication (wire fraud) and three counts of money laundering. The incident was reported by the US Department of Justice.

As it turned out, Rimaskauskas created a fake company whose name matched that of another company, a real hardware manufacturer from Asia. Thanks to this match, he managed to pull off several large schemes.

“Being thousands of kilometers from their victims, Evaldas Rimaskauskas deliberately deceived the representatives of the largest telecommunications companies, having received several transfers totaling $100 million,” the case description says. “This case should serve as a warning to other companies, many of which consider themselves inaccessible to fraudsters. The arrest will serve as a warning to other cyber fraudsters - we are working to track them down, wherever they are, and bring them to justice,” said US Attorney June H. Kim.

For two years, Rimaskauskas and his possible accomplices sent e-mails to representatives of large technology companies, posing as employees of a well-known hardware manufacturer from Asia. They deceived the representatives of these companies with surprising ease, and as a result funds were transferred to accounts in Lithuania, Latvia, Cyprus, Slovakia, Hungary and Hong Kong. The two companies deceived by the fraudster were said to have been founded in the late 1980s; they sell goods and provide services all over the world. One of these companies is reportedly a "major international technology organization that specializes in Internet services and products." The second company is “an international corporation providing online media and social network services”.

Rimaskauskas also forged letters, invoices, stamps and contracts, trying to get even more money from US banks. His company had a board of directors, but it had only one member: himself. According to the FBI, almost all the stolen funds were located and returned to the victims. According to law enforcement, the fraudster worked carefully, but he still left behind a “digital footprint”, thanks to which he was found and brought to justice.



By the way, the Lithuanian did not send e-mails with malicious links, nothing of the kind. Everything relied on the human factor; that is, the long-known method of social engineering was used. “Unfortunately, man is so far the most vulnerable factor in any information system,” says Neil Winn, an analyst at Gartner. According to him, the key elements of security systems in companies should be secure email gateways (SEG), antispam technology, sandboxing and a system for analyzing incoming messages and other data. Combining different systems makes it possible to quickly identify anomalies in incoming data and recognize phishing or spam.

What conclusions can be drawn from this event?

1) Company employees must be trained to recognize fraud. If this is not done, problems of this kind will continue to occur.
2) Even after something like this has happened, people begin to think after a while that nothing of the kind will happen again. This is a big mistake. Countering such deception should be made a systematic, company-wide practice.




Source: https://habr.com/ru/post/325682/

