The Lithuanian hacker who ran the most notorious, simplest, and most lucrative email-based social engineering fraud scam has been brought to justice and will be serving time and paying restitution.
This scam had everything against it: it was very unsophisticated, went after the two of the largest tech companies on the planet, and used little more than lookalike domains and fake invoices to return a take of over $120 Million. Even so, between 2013 and 2015, Evaldas Rimasauskas was able to defraud Facebook and Google.
He now faces 5 years in prison and restitution to the tune of $26.5 Million.
This story is a great reminder that even the biggest and most sophisticated companies can be fooled by little more than simple social engineering techniques. Anytime requests involving money occur over email, organizations need to have procedures in place to ensure they are legitimate, as well as use mediums other than email to validate requests.
This scam is so simple, any company could fall for it – even yours.
To counteract such tactics, organizations need to look at where Facebook and Google’s security broke down – at the user. Users need to undergo continual Security Awareness Training to ensure they are vigilant when engaging in communications involving the transfer of funds. Given that fraud isn’t the only end-game for cybercriminals using phishing attacks, users need to be educated on all forms of phishing attacks and social engineering scams.