Big-game phishing: Lithuanian scammed US$100m from two big internet firms with fake email invoices, prosecutors say

Reading Time:2 minutes

The scam allegedly employed by Evaldas Rimasauskas was a big-money variation on the classic phishing scam, in which scammers send emails to their targets in the hope that they will either respond by paying fake bills, or click on malicious links or downloads. Photo: Shutterstock

Published: 2:05pm, 22 Mar 2017Updated: 10:33pm, 22 Mar 2017

US prosecutors have charged a Lithuanian man with engaging in an email fraud scheme in which he bilked two US-based companies out of more than US$100 million by posing as an Asian hardware vendor.

Evaldas Rimasauskas, 48, was arrested late last week by Lithuanian authorities, Manhattan federal prosecutors said on Tuesday. Rimasauskas does not yet have legal counsel, a spokesman for the prosecutors said.

The alleged scheme is an example of a growing type of fraud called “business email compromise”, in which fraudsters ask for money using emails targeted at companies that work with foreign suppliers or regularly make wire transfers. It is a variation on the common “phishing” scam, but on a massive scale.

The FBI said last June that since October 2013, US and foreign victims have made 22,143 complaints about business email compromise scams involving requests for almost US$3.1 billion in transfers.

All companies – even the most sophisticated – can be victims of phishing attacks by cyber criminals

Acting US Attorney Joon H. Kim

In an indictment unsealed on Tuesday, prosecutors said that to carry out his scheme, which they said began around 2013 or earlier, Rimasauskas registered a company in Latvia with the same name as an Asian computer hardware manufacturer.