Two Tech Giants Lose over $100M to Phishing

Posted by Stephen Ferrell
Stephen Ferrell

If you are under the age of 90 there is a pretty good chance that you’ve been on Facebook or Google today, likely both. When we think of those names we think of big tech and if I were to poll your opinion as to how secure these tech titans are relative to say… email fraud, I’d guess you respond that they’d be at the top? I would have too – until I read this article in today’s New York Times.

Between 2013 and 2015 Lithuania’s favorite son Evaldas Rimasauskas sent a few emails to the finance people at Facebook and Google. In return for his correspondences, they wired, between them, over $100m – AMAZING! 

Evaldas and friends created a string of fake bank accounts and then attempted a brazen email fraud and phished the accounts payable departments at Google and Facebook by posing as the accounts receivable department of Quanta, a perfectly legitimate computer hardware company based in Taiwan who had done business with both. Incredibly, despite all of the preventive measures both had taken, Evaldas and friends were successful.

Google and Facebook were able to recover the majority of the funds; however, this attempt throws into stark contrast the reality that no-one is immune from phishing. This particular attack was so sophisticated that it made it all the way through the spam filters and an awareness trained workforce. By the time it was discovered tens of millions of dollars had been parted with.

This type of attack has become so common that the FBI have a dedicated Business Email Compromise (BEC) page on their website. BEC attacks as the FBI refers to them, have cost US companies over $3B since January of 2015.

Consider that both companies could have avoided the fraud by deploying a true phishing prevention platform, a platform like INKY. Had Phish Fence been installed, in both of these cases, INKY would have immediately recognized the brand forgery attempt.

It would be unthinkable to leave your network unprotected or turn your firewalls off, yet far too many organizations are relying on ineffective email protection software to handle the job of today’s email fraud prevention. At INKY, with our trifecta of machine learning, artificial intelligence, and computer vision we have created an impenetrable beachhead against these sophisticated phishing attacks.

Don’t believe me? Sign up for the INKY Email Fitness Test then tell all of your friends on Facebook. 👍

Topics: business reputation, phishing email examples, phishing attack, domain spoofing