A Lithuanian man impersonated a Taiwanese computer company to con the tech giants out of $121m
The news that a “simple” email scam successfully conned Facebook and Apple into paying a Lithuanian man $121m (£91.6m) should raise concerns among businesses that are yet to digitise their procurement processes.
The fraudulent scheme saw Evaldas Rimasauskas, 50, send fake invoices to the Silicon Valley tech giants in which he impersonated Taiwanese tech manufacturer Quanta Computer.
The emails were successful in persuading Google and Facebook that they owed money for computer parts they had never actually purchased.
After pleading guilty to one count of wire fraud in a US court last week, he looks set to face up to 30 years in prison, according to reports.
Alex Saric, smart procurement expert at company payment platform Ivalua, said: “While this scam may look sophisticated, this is fairly simple and reflects the vulnerability of organisations that have not digitised their spend management processes.”
Evaldas Rimasauskas, 50, entered his plea to one count of wire fraud before U.S. District Judge George Daniels in Manhattan. He faces a… https://t.co/JiTe1EAXxG
— lietuviai.co.uk (@lietuviaicouk) 21 March 2019
How companies can avoid procurement cyber-scams
The recent case is part of a wider trend that has seen the number of business e-mail compromise (BEC) scams increase.
Mr Saric explained that companies can avoid being caught out by fraudsters by digitally matching their purchases.
He said: “Despite monumental budgets, organisations as data-centric as Facebook should be able to match an invoice to a real purchase automatically, instead of being duped into paying millions of pounds to a scammer.
“Invoicing is an area ripe for fraudsters and cyber criminals, who know employees may not always question their validity, particularly if they look convincing.
“Digitisation can play a vital role in preventing this. By digitising the end-to-end process of contracting, buying and invoicing, organisations can ensure automated matching of each step, eliminating the potential for fraud.
“This is a key benefit of implementing fully integrated suites with a unified data model.
“This also allows organisations to automate the entire process, helping save time, and in this instance, prevent money getting into the wrong hands.”
How Evaldas Rimasauskas conned Google and Facebook
Mr Rimasauskas conned Google out of $23m (£17.4m) and convinced Facebook to send over $98m (£74m) between 2013 and 2015, according to a Bloomberg report.
Although prosecutors do not believe that he was directly responsible for the entire operation, he was registered as the sole member of the board for the Latvian-based company that was fronting as Quanta Computer and opened and maintained the bank accounts connected to the fraud, according to the indictment.
Manhattan US Attorney Geoffrey S Berman, who oversaw the case, said: “As Evaldas Rimasauskas admitted, he devised a blatant scheme to fleece US companies out of $100m (£75.6m), and then siphoned those funds to bank accounts around the globe.
“Mr Rimasauskas thought he could hide behind a computer screen halfway across the world while he conducted his fraudulent scheme, but as he has learned, the arms of American justice are long, and he now faces significant time in a US prison.”
Mr Rimasauskas was extradited from Lithuania to the US in 2017 and ordered to forfeit just under $50m (£37.8m).
He is scheduled to be sentenced on 24 July 2019.
A Google Spokesperson said: “We detected this fraud and promptly alerted the authorities.
“We recouped the funds and we’re pleased this matter is resolved.”