Facebook and Google were the victims of an elaborate $100 million phishing attack, according to a Fortune report, with employees at both companies tricked into sending money to overseas bank accounts.
In March, the Justice Department arrested Evaldas Rimasauskas, the man they believe is at the center of the cyber crime, the publication reported. However, the names of the companies at the center of the scam weren't initially disclosed in the indictment. Meanwhile, the accused—who is being held in Lithuania pending extradition—has denied the allegations.
According to information obtained by Fortune, from 2013-2015 Rimasauskas allegedly impersonated Quanta Computer, a Taiwanese electronics manufacturer, by sending phishing emails to staffers at both Google and Facebook that requested payment for goods and services.
After the companies wired the money intended for Quanta, Rimasauskas was alleged to have moved the funds to different bank accounts around the world to places such as Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong. In order to obtain the transferred funds, he is said to have forged the signatures of Facebook and Google executives on invoices, contracts, and letters that he submitted to banks.
Before getting caught, Rimasauskas allegedly received a total of $100 million in transfers from both Google and Facebook. Neither company reported the losses to the SEC as a 'material event', Fortune reported. Facebook told CNBC, the company "recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation."
A Google spokesperson told CNBC, "We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we're pleased this matter is resolved."