two US-based companies out of more than US$100 million by posing as an Asian hardware vendor. Evaldas Rimasauskas, 48, was arrested late last week by Lithuanian authorities, Manhattan federal prosecutors said on Tuesday. Rimasauskas does not yet have legal counsel, a spokesman for the prosecutors said. The alleged scheme is an example of a growing type of fraud called “business email compromise”, in which fraudsters ask for money using emails targeted at companies that work with foreign suppliers or regularly make wire transfers. It is a variation on the common “phishing” scam, but on a massive scale. The FBI said last June that since October 2013, US and foreign victims have made 22,143 complaints about business email compromise scams involving requests for almost US$3.1 billion in transfers. In an indictment unsealed on Tuesday, prosecutors said that to carry out his scheme, which they said began around 2013 or earlier, Rimasauskas registered a company in Latvia with the same name as an Asian computer hardware manufacturer. He then sent emails to employees of the two unnamed victim companies, described as multinational internet firms, asking them to wire money that they actually owed to the Asian company to the sham Latvian company’s accounts, prosecutors said. The victim companies are described as a multinational technology company and a multinational social media company. After they wired money to Rimasauskas’s Latvian company, Rimasauskas quickly transferred the funds to different accounts around the world, including in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong, prosecutors said. In order to conceal his fraud from banks that handled the transfers, Rimasauskas forged invoices, contracts and letters purportedly signed by executives at the two victim companies, according to prosecutors.
Rimasauskas is charged with wire fraud and money laundering, which each carry a maximum prison sentence of 20 years, and identity theft, which carries a mandatory minimum sentence of two years. Acting US Attorney Joon H. Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over US$100 million to overseas bank accounts under his control. “This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals.”
Attacker forges security certificates, sends emails to government offices and private citizens. In the past few days, the National Authority for Cyber Security has seen evidence of planned cyber attacks on various targets in the Israeli marketplace. The Authority analyzed the evidence and uncovered the attacker's plan, as well as the different points of application he had used. Their analysis showed the attacker sent emails under the guise of a legitimate organization and attempted to attack 120 organizations, government offices, public institutions, and private citizens. He also forged security certificates, masquerading as a safe company. The National Authority for Cyber Security is continuing its efforts to block the threat, and is working to publish guidelines and suggestions to help the Israeli marketplace avoid future attacks of the same type. The guidelines will be published on the Authority's website.
Last week, the Internal Revenue Service (IRS) issued a new warning to employers, urging them to stay alert as reports of compromised W-2 records started to climb. This newest advisory aligns with the agency's plan to delay refunds for those filing their returns early in order to combat identity theft and fraud. The IRS also informed employers the W-2 scam has moved beyond corporations, expanding to include schools, tribal organizations, and nonprofits. In a statement, IRS Commissioner, John Koskinen, said the scams - sometimes known as Business Email Compromise (BEC) attacks - are some of the most dangerous email scams the agency has seen in a long time. "It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme," Koskinen said. In 2016, at least 145 organizations fell victim to BEC scams, exposing tens of thousands of employees to tax fraud and identity theft. Salted Hash kept track of some of the high-profile cases, and Databreaches.net tracked everything, resulting in a massive list of documented successful attacks. As of February 5, 23 organizations have disclosed BEC-related data breaches publicly, each one resulting in compromised W-2 data. The confirmed BEC victims include ten school systems, a software development firm, a utility company in Pennsylvania, at least one restaurant in Indianapolis, and businesses operating within the healthcare, finance, manufacturing, and energy sectors. Distribution International emailed employees that their W-2 data was compromised on January 27. Their notification expands the number of affected taxpayers to more than 30,000.
The scammers spoofed an email and pretended to be one of the company's owners. W-2 records for all companies and all employees were compromised. Salted Hash reached out to Sky Climber's CFO, Jeff Caswell, for more information. Also, the College of Southern Idaho has reported an incident that could impact 3,000 employees. According to Public Information Officer Doug Maughan, the W-2 records affected belong to seasonal and auxiliary staff. Palomar College disclosed an attack on January 30, which affected employee W-2 records. The school didn't say the incident was the result of a BEC attack, but Salted Hash is listing it anyway due to the timing of the attack and the information targeted. Finally today, the West Michigan Whitecaps - a Class A minor league baseball team affiliated with the Detroit Tigers - said staff W-2 records were compromised after someone posing as a manager requested them. In 2016, the criminals behind the BEC attacks mostly focused on payroll and tax records. This year though, the IRS says that in addition to the usual records request, the scammers are now following up and requesting wire transfers. "Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers," the IRS explained in their warning. "Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers." BEC attacks are essentially Phishing scams, or Spear Phishing since the criminals have a specific target. They're effective too, exploiting the trust relationships that exist within the corporate environment.
In a majority of the reported cases from 2016, the attackers forged an email and pretended to be the victim organization's top executive, or someone with direct authority. Often it is the CEO or CFO, but any high-level manager will work.