Facebook and Google have allegedly fallen victim to a $100m scam.
According to Fortune, as of April 27 Facebook and Google are confirmed to have been the victims of a major phishing attack that was reported to involve “two US-based internet companies”.
Last month, the attack was linked to a Lithuanian citizen named Evaldas Rimasauskas, age 48, who had conducted an email-based scam costing the companies over $100m.
The attack was carried out by email, under the guise of an Asian-based manufacturer, from 2013 to 2015.
“Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company,” stated the United States Justice Department in March.
The emails had been designed to look like they originated from the Asian-based firm, stated the Justice Department, which also accused the assailant of forging contracts, letters, and invoices “that falsely appeared to have been executed and signed by executives and agents of the victim companies”.
“We detected this fraud against our vendor management team and promptly alerted the authorities,” stated a Google spokeswoman. “We recouped the funds and we’re pleased this matter is resolved.”
The total amount transferred to the firm has yet to be confirmed.
“Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation,” reported the company’s spokesperson.
James Maude from Avecto, a cyber security firm, commented on the cyber-attack: “Sometimes staff [at large firms] think that they are defended, that security isn’t part of their job… But people are part of the best security you can have – that’s why you have to train them.”
Maude told the BBC that clients had reported phishing attempts disguised as coming from a senior staff member’s email account, requesting genuine-looking wire transfers from employees.
Increase In Phishing
According to recent Europol reports, phishing scams are becoming increasingly sophisticated and harder to detect.
“The request is usually time-sensitive and often coincides with the close of business hours to make verification of the request difficult,” the report’s findings explained.
“Such attacks often take advantage of publicly reported events such as mergers, where there may be some degree of internal flux and uncertainty.”
Firms are now advised to always verify payment requests prior to authorization to avoid these types of fraud.