DoJ Charges Man With $100M Business Email Scam

MailGuard ATO Scam
Shutterstock

The U.S. Department of Justice (DoJ) announced plans to charge a man allegedly responsible for a $100 million business email compromise scam.

Recent reports said the DoJ plans to charge 48-year-old Evaldas Rimašauskas of Lithuania for his alleged criminal activities between 2013 and 2015. According to the DoJ, Rimašauskas is accused of using a business email compromise (BEC) scam to trick businesses into paying fake invoices. The scam often involves hackers targeting corporate accounts payable departments to initiate payment to a false supplier bill.

“From half a world away, Evaldas Rimašauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control,” said acting U.S. Attorney Joon H. Kim in a statement.

“Attackers are relentlessly working to exploit the email communication channel — regardless of their level of sophistication, motivation or country,” said cybersecurity expert Ryan Kalember, senior vice president of Cyber Strategy at Proofpoint, in an interview with eWEEK. “Email is their top vector because it is easy to impersonate someone else, it can reach virtually anyone at any organization and it is commonly used to make these types of request.”

He cited research from Proofpoint that found a 45 percent spike in BEC attacks in the last quarter of 2016 compared to Q3.

Separate research from Trend Micro released this month found $1 billion total losses worldwide in 2016 due to BEC scams. The Federal Bureau of Investigation said last year that BEC scams led to $3.1 billion in attempted wire fraud between October 2013 and May 2016.

Last year INTERPOL announced the arrest of another alleged criminal responsible for business email scams. Known only as “Mike,” the 40-year-old was the alleged ringleader of a business email scam ring that resulted in $60 million stolen from companies.