In what the US Attorney’s Office stated should be a “Wake Up call to all companies”, 2 unnamed high tech firms were duped out of over $100 Million by a Lithuanian man. The Lithuanian man, Evaldas Rimasauskas, is charged in using a phishing e-mail scam to garner the monies from the 2 companies.
From 2013 to 2015, Rimasauskas had set up a number of similarly named companies complete with bank accounts to have the money wired to. The phishing e-mails were sent to company employees and agents of the companies that directed the employees to send moneys for legitimate goods and services into the fraudulent accounts that Rimasuaskas had set up.
The cash was then "wired into different bank accounts" in locations around the world - including Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.
Acting US Attorney Kim went on to say that if this can happen to sophisticated tech companies, it can happen to just about any company.
To read more about what happened click on:
Basic Steps to help Law Firms, Accounting Firms and Title Agencies from falling for this Scam:
1. confirm client and third party payment details, for example sending $1.00 to the account details provided and confirming it has been received
2. provide information to clients confirming they will never be asked by you to send money to a different account than that given
3. be suspicious of requests to change payment details, in particular those sent by email with high urgency, and confirm them with the client on a known telephone number
4. confirm that money sent details provided by a third party lawyer is genuinely going to the party intended
These are not the only steps that can be taken but it is a good start. It is worth noting that most of the cybercrimes started with attacking individuals and not systems. Ongoing training of staff is essential.