4/28/2017 UPDATE: Facebook and Google confirmed as victims of $100M phishing scam. Story at The Verge.
In an update to an earlier post from April 2016, more detail has become known about this massive CEO Fraud spear phishing attack that tricked 2 American tech companies into wiring a whopping $100 million to bank accounts controlled by a crafty scammer in Lithuania. The press was all over this like white on rice, not mentioning that it was initially discovered in April last year. The big mystery is exactly which 2 companies fell victim, because the court documents do not reveal the names.
I'm quoting a snippet from The Verge here: "According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat 'by masquerading as a prominent Asian hardware manufacturer,' reports The Verge, citing court documents, 'and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries.'"
From the report:
"What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms.
The first company is a 'multinational technology company, specializing in internet-related services and products, with headquarters in the United States,' the documents read. The second company is a 'multinational corporation providing online social media and networking services.' Both apparently worked with the same 'Asia-based manufacturer of computer hardware,' a supplier that the documents indicate was founded some time in the late '80s."
The court documents don't reveal the names of the two companies. It's fun to speculate though. Facebook and Apple come to mind. Here is the full affidavit at Scribd: https://www.scribd.com/document/342639731/Rimasauskas-Affidavit
And to think that all this could have been prevented with effective security awareness training! Training your employees to always keep security top of mind is one of the single most effective preventative measures against CEO fraud. Any email regarding financial transactions should be looked at closely before any action is taken. Most fraudulent emails like this create a sense of urgency. A simple phone call could be what keeps your company out of the headlines.
Incidents like this show that you really cannot afford not to do this.