Sometimes the simplest ideas are the most effective, and perhaps no case exemplifies this more than that of Evaldas Rimasauskas.
Evaldas’ story is so extraordinary that it could be made into a film if his masterful scam didn’t involve any major obstacles.
The tech thief, you see, managed to steal a whopping $122 million from Facebook and Google simply by asking for the money.
Evaldas from Lithuania received $99 million from Facebook and $23 million from Google between 2013 and 2015 by forging invoices for goods they had not ordered.
Surprisingly, both companies paid.
Prior to this, Evaldas had formed a Latvian corporation with the same name as Quanta Computer Inc, a Taiwan-based computer and electronic hardware manufacturing firm.
The tech titans engaged in “multimillion-dollar transactions” with Quanta, according to the US Attorney’s Office for the Southern District of New York.
Instead of paying for legitimate services, they were wiring money to bank accounts in Latvia and Cyprus controlled by Evaldas.
He used forged invoices, contracts, and letters that appeared to have been signed by executives and agents from Google and Facebook to explain the massive influx of money to the banks.
According to IGN, the most shocking aspect of this scheme is that no one from either company investigated the legitimacy of the invoices – they simply paid the money.
It must have seemed too good to be true for the scammer, and it was. Evaldas was apprehended by Lithuanian authorities in 2017 and extradited to New York.
He pleaded guilty to one count of wire fraud and received a 60-month prison sentence for his criminal scheme in 2019.
During the sentencing, US District Judge George Daniels also ordered Evaldas to serve two years of supervised release, forfeit $49.7 million, and pay nearly $26.5 million in restitution.
In short, his house of cards collapsed, but the fact that he got away with it for so long served as a stark warning to tech firms about cyber security.
“This case should serve as a wake-up call to all companies – even the most sophisticated – that they, too, can be victims of phishing attacks by cyber criminals,” said acting US Attorney Joon Kim at the time of Evaldas’ arrest. And this arrest should serve as a warning to all cybercriminals that we will work to find them and hold them accountable, no matter where they are.
“The charges and arrest in this case were made possible by the FBI’s outstanding work and the cooperation of the victim companies and their financial institutions.” We thank the companies and their banks for acting quickly, coming forward quickly, and cooperating with law enforcement; this resulted not only in the charges announced today, but also in the recovery of a significant portion of the stolen funds.”