Wednesday March 22, 2017

Even Tech Savvy Organizations can Fall for Phishing Schemes

The Department of Justice yesterday unsealed an indictment against a Lithuanian man who successfully swindled $100 million out of two American tech companies. (Here, have the Verge link too, because reading bureaucrat can be tiring.) The 48-year-old Latvian man reportedly opened a business in eastern Europe with the same name as a major PC hardware vendor in China, and then proceeded to, through deceptive emails, convince two major multinational U.S. tech firms to make payments to his account totaling $100 million. Why he didn't immediately buy bearer bonds and take off for a non-extradition treaty country is beyond me. I guess he wasn't a mastermind after all.

What stands out to me is that I often hear people express sentiments ridiculing scam victims, and stating how this wouldn't happen to them because they are either too smart or too experienced to fall for these tricks, or to click on bad links in emails, or open attachments, etc., and that because of this they don't need to take standard precautions like always running their machine in a limited user account, keeping UAC enabled, running AV, etc.

If this story illustrates anything, to me it seems that it is that anyone can fall for these things. Maybe not in their most alert and vigilant state, but all it takes is being in a rush one day, or being tired after a night of poor sleep, or just having an off moment and making a mistake, one that you should know better than to make. I feel the takeaway should be: if sophisticated major tech companies can fall for a phishing scheme, so can you, so buckle up, and take every layer of security, no matter who you are.

What’s more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money.

Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted — each charge of wire fraud and laundering carries a max sentence of 20 years.