This $100M email scam tripped up two big US tech companies

The victims were a social network and an "internet-related services" company, according to the feds.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read

A Lithuanian man allegedly scammed $100 million from two major tech companies through email.

Getty Images/EyeEm

An email scam tricked two major US tech companies out of millions of dollars until investigators caught up with the alleged thief.

The Department of Justice and the FBI have charged a Lithuanian man with committing fraud that netted more than $100 million.

"This case should serve as a wake-up call to all companies -- even the most sophisticated -- that they too can be victims of phishing attacks by cybercriminals," acting US attorney Joon Kim said in a statement.

The indictment did not name the two US-based tech companies scammed. The agencies identified one company as "specializing in internet-related services and products" and the second as a "multinational corporation providing online social media and networking services." Both regularly carried out multimillion-dollar deals.

Social media giants Facebook and Twitter did not respond to requests for comment.

According to the federal agencies, Evaldas Rimasauskas, 48, pretended to be a popular Asian computer hardware company by registering his own company in Latvia with the same name in 2013. He allegedly forged emails from employees at the Asian hardware supplier and sent invoices to the two US tech companies that actually had deals with the real supplier.

In the emails, Rimasauskas asked the social network and the web-service provider to send payments to his bank accounts in Latvia and Cyprus, instead of the real company's bank accounts in Asia, prosecutors said.

The two tech companies fell for it, wiring more than $100 million to Rimasauskas before the cybercrime scheme ended, according to court documents. He spread the money through multiple accounts, including banks in Latvia, Hungary, Hong Kong and Slovakia.

Rimasauskas also allegedly sent phishing emails to employees at the two victim companies, in an attempt to gain access to important documents. He was able to forge contracts and letters with the names and signatures of executives, as well as fake a corporate stamp on his letters.

Lithuanian police arrested Rimasauskas last week. He's charged with wire fraud, money laundering and identity theft, and faces up to 20 years in prison if convicted. The case is being handled by the US Attorney's office for the Southern District of New York.

Technically Literate: Original works of short fiction with unique perspectives on tech, exclusively on CNET.

CNET Magazine: Check out a sampling of the stories you'll find in CNET's newsstand edition.