Even technology giants are not safe from frauds and scams, as the Internet giant Google and social media giant Facebook were recently conned by a single man. According to a report from Fortune, the tech companies were victims of a sophisticated $100 million phishing attack, in which the employees of both were tricked into sending money to overseas bank accounts.
How Google and Facebook were tricked
Last month when the Justice Department announced the arrest of a man who allegedly swindled more than $100 million from the two tech companies, information about the scam was pretty much kept quiet. The Justice Department did not reveal who was robbed or identify the Asian supplier the suspect impersonated to get the money, notes Fortune.
An investigation by Fortune involving an interview with sources close to law enforcement and others has unveiled the names of three companies and a few other details of the fraud case. The investigation disclosed that the two firms that were allegedly sent fraudulent invoices were actually Google and Facebook. And the two U.S. tech giants were allegedly tricked by a Lithuanian: Evaldas Rimasauskas.
Rimasauskas was accused of moving funds which were intended for the supplier Quanta to different bank accounts in places like Cyprus, Slovakia, Lithuania, Hungary, Hong Kong and Latvia. The 48-year old suspect was charged with money laundering, wire fraud and identity theft for impersonating Quanta Computer, a Taiwan-based electronics manufacturer that boasts of clients like Apple, Facebook and Google.
In a statement to CNBC, Facebook said, “We recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”
Google said it detected this scam against its vendor management team and quickly alerted the authorities.
“We recouped the funds and we’re pleased this matter is resolved,” the company said.
Phishing scams getting more complex than ever
This fraud case has shown that no company is immune to scams, and even the largest companies can be victimized by scams involving fake suppliers and email phishing. In December, the National Audit Office warned that the U.K. is not completely prepared for online fraud, and it cost customers in the U.K. at least £14.8 billion last year. Around £4.2 billion of the £14.8 billion is believed to be unreported and hidden losses from crime like counterfeit goods and mass marketing fraud, notes The Guardian.
Commenting on the phishing threat facing large companies, James Maude at cyber-security firm Avecto told the BBC that sometimes the staff at big companies think that they are safe and that security is not part of their job.
“But people are part of the best security you can have – that’s why you have to train them,” the expert said.
Maude told the BBC that they have come across phishing attempts in which hacked email accounts of senior staff are used to convince others in the company to transfer money. To avoid such scams going forward, big firms are being advised to verify new payment requests carefully before authorizing them.