Evaldas Rimasauskas, a 48-year-old Lithuanian, pulled off a high-profile CEO fraud campaign that resulted in two US tech companies losing over $100 million.
The crook was apprehended by a Lithuanian law enforcement agency last week and charged by New York prosecutors on Monday. Later on, it came to light that the charges include wire fraud, money laundering and identity theft, which may result in a sentence of 20 years in jail.
The names of the companies that the ill-minded social engineer had reportedly targeted have not been disclosed at this point. What is known, though, is that one is a multinational enterprise operating in the realm of online services, and the other is a large corporation specializing in networking and Internet social media services. Both targets appear to have business relations with an Asian computer hardware manufacturer, quite possibly a firm producing server hardware.
The now-arrested social engineering guru Rimasauskas had apparently found out about the ties between the victims and their Asian partner. He registered a company in Lithuania under the same name as the above-mentioned hardware supplier. Then, between 2013 and 2015, the fraudster – possibly operating in tandem with unnamed accomplices – sent numerous spear-phishing emails to the targeted corporations, posing as representatives of the Asian company. The cybercriminal forged invoices, contracts and corporate stamps in order to make the scheme persuasive.
Ultimately, the impostor was able to trick the tech companies into making payments to his own firm. Furthermore, he camouflaged the flow of wire transfers, making it look like they were originally deposited to bank accounts in the United States. Fortunately, after the scam was identified and the hacker arrested, the FBI and interested parties succeeded in recovering a fair amount of the stolen funds.