It doesn’t matter where or who you are. Phishing attacks can happen to even the most vigilant among us.
This point was driven home recently after it came to light that Facebook and Google found themselves out $100 million at the hands of one ambitious cybercrook.
At the end of March, the U.S. Department of Justice (DoJ) announced plans to charge a man allegedly responsible for a $100 million business email compromise scam. While the corporate victims of the scam weren’t named at the time, Fortune Magazine recently reported that they were none other than Facebook and Google.
In a statement, Google confirmed that it had been a target.
“We detected this fraud against our vendor management team and promptly alerted the authorities,” a Google spokesperson said. “We recouped the funds, and we’re pleased this matter is resolved.”
Facebook has also reportedly recovered the lost funds, said Fortune.
The DoJ alleges that the man, Evaldas Rimašauskas, used a business email compromise (BEC) scam to trick Facebook and Google into paying fake invoices, impersonating manufacturer Quanta Computer.
The DoJ has since charged Rimašauskas with one count of money wire fraud, three counts of money laundering and one count of aggravated identity theft.
“From half a world away, Evaldas Rimašauskas allegedly targeted multinational internet companies and tricked their agents into wiring over $100 million to overseas bank accounts under his control,” said the acting U.S. Attorney for the Southern District of New York, Joon H. Kim, in a statement.
BEC fraud has been on the rise across the globe. Research from Proofpoint found a 45 percent spike in BEC attacks in the last quarter of 2016 compared to Q3.
Additionally, research from Trend Micro found $1 billion in total losses worldwide in 2016 due to BEC scams. The Federal Bureau of Investigation said it had found that BEC scams led to $3.1 billion in attempted wire fraud between October 2013 and May 2016.