Image

Image

"... [F]raudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS. These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1. This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions."In total, Rimasauskas stole $100 million from two victim U.S. companies, a multinational technology company and a multinational social media company. Once they wired over the funds, he moved them to bank accounts under his control. He even forged letters that appeared to have originated from the Victim Companies to authorize the account transfers. Rimasauskas is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison. He also faces one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison. Organizations can protect themselves against attackers like Rimasauskas by educating their employees about phishing attacks. This resource is a good place to start.