You may or may not remember that in March this year a Lithuanian cyber criminal was arrested for a phishing scam that targeted two US-based tech companies, the names of which were not disclosed at the time.
Google and Facebook have since admitted that they were the targeted companies and that falling victim to the phishing scam cost them $100 million (around £77m).
How the scam worked
48-year-old Evaldas Rimasauskas allegedly impersonated an employee of the Asian manufacturer Quanta Computer, with which both firms do business, and defrauded the two companies over several years (from 2013 to 2015), tricking them into wiring money to his bank accounts.
According to a statement put out by the US Department of Justice, “fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company”.
All phishing emails were crafted to look like legitimate Quanta Computer emails, and the Department of Justice has also accused Rimasauskas of forging invoices, contracts and corporate stamps “that falsely appeared to have been executed and signed by executives and agents of the victim companies”.
Although funds were recovered, neither company disclosed how much money was recouped.
When it comes to phishing, company size doesn’t matter
The scam perpetrated against Google and Facebook shows how sophisticated phishing attacks can fool even the smartest tech company. CEO fraud and W-2 scams, two specific and highly sophisticated forms of phishing attack, target employees in key departments like HR and finance because they have access to what cyber criminals long for: money and personal data.
The need to drive phishing awareness
Technical solutions cannot guarantee 100% that phishing emails won’t reach your employees’ inboxes. Your staff are the ultimate barrier to fraudulent emails. Consequently, the more your staff know about phishing, how it works and what its consequences are, the better they can protect your company from such attacks. No matter how big or small your workforce is, our Phishing Staff Awareness E-learning course teaches your staff the basics of phishing attacks and provides tips and tricks for spotting phishing emails among the dozens of legitimate emails they receive daily.