Google and Facebook – two of the world’s biggest tech companies – have both admitted to becoming victims of a multimillion-dollar phishing scam.
It follows reports in March that a man – Evaldas Rimasauskas – had been charged over an email attack against “two US-based internet companies” that were not named. It has now been reported by Fortune that the victims were Google and Facebook.
The two companies had been tricked into sending the attacker more than $100 million (£77 million).
Mr Rimasauskas deceived the companies into thinking they were receiving invoices from a legitimate hardware company based in Asia with which they regularly conducted transactions. He set up and controlled various bank accounts under the same name as the Asian company.
He then sent fraudulent phishing emails to Google and Facebook, instructing them to wire money owed to the real hardware company to his accounts.
In a statement, Google said it had detected the fraud against its vendor management team and alerted the authorities, adding that it recouped the funds it lost.
Acting US Attorney for the Southern District of New York Joon Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control.”
He went on to add: “This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals.”
The news should encourage all businesses to ensure that they have the right security in place, as well as efficient and effective IT support that can go a long way towards preventing attacks like these. After all, if it can happen to Google, it can happen to any company.