against "two US-based internet companies" whose identities were not disclosed, it has been recently confirmed that the two companies involved were actually tech giants Google and Facebook. In a report published April 27, Fortune disclosed the identities of both companies. The companies had been tricked into wiring over US$100 million to the alleged scammer’s bank accounts. Evaldas Rimasauskas, 48, purportedly posed as an Asia-based manufacturer and deceived the two companies from at least 2013 to 2015. "Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company," the US Department of Justice (DOJ) said. The DOJ alleged that emails supposedly from the employees of said Asian manufacturer were sent from email accounts designed to look like they were actually from the firm. Rimasauskas was charged by the DOJ in March with sending the forged emails, as well as with fabricating invoices, contracts and letters "that falsely appeared to have been executed and signed by executives and agents of the victim companies." "We detected this fraud against our vendor management team and promptly alerted the authorities," a spokesperson for Google said in a statement. "We recouped the funds and we're pleased this matter is resolved." "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation," a representative from Facebook said. The BBC reported that neither Google nor Facebook revealed how much money they had transferred, or how much they recouped following the incident.
While the two companies have advanced cybersecurity measures in place, the phishing attacks targeted individuals through their emails — attacks that could have been avoided through proper verification of dubious payment requests. "Sometimes staff [at large firms] think that they are defended, that security isn't part of their job," James Maude of cyber-security firm Avecto told the BBC. "But people are part of the best security you can have — that's why you have to train them."
Google Docs was pulled into a sneaky email phishing attack on Tuesday that was designed to trick users into giving up access to their Gmail accounts. The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.” In reality, the link led to a dummy app that asked users for permission to access their Gmail account. [Image: An example of the phishing email that circulated on Tuesday.] Users might easily have been fooled, because the dummy app was actually named “Google Docs.” It also asked for access to Gmail through Google’s actual login service. The hackers were able to pull off the attack by abusing the OAuth protocol, a way for internet accounts at Google, Twitter, Facebook and other services to connect with third-party apps. The OAuth protocol doesn’t transfer any password information, but instead uses special access tokens that can open account access. However, OAuth can be dangerous in the wrong hands. The hackers behind Tuesday’s attack appear to have built an actual third-party app that leveraged Google processes to gain account access. [Image: The dummy app will try to ask for account permission.] Last month, Trend Micro said a Russian hacking group known as Fancy Bear was using a similar email attack method that abused the OAuth protocol to phish victims. However, security experts said Tuesday's phishing attack probably wasn't from Fancy Bear, a shadowy group that many experts suspect works for the Russian government. "I don't believe they are behind this ... because this is way too widespread," Jaime Blasco, chief scientist at security provider AlienVault, said in an email.
On Tuesday, many users on Twitter, including journalists, posted screen shots of the phishing emails, prompting speculation that the hackers were harvesting victims' contact lists to target more users. The attack was also sent through an email address at "hhhhhhhhhhhhhhhh@mailinator.com." Mailinator, a provider of a free email service, denied any involvement. Fortunately, Google moved quickly to stop the phishing attacks, after a user on Reddit posted about them. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again,” Google said in a statement. Security experts and Google recommend affected users check what third-party apps have permission to access their account and revoke any suspicious access. Users can do so by visiting this address, or performing a Google security check-up. Tuesday's phishing scheme will probably push Google to adopt an even stricter stance on apps that use OAuth, said Robert Graham, CEO of research company Errata Security. However, the internet giant has to strike a balance between ensuring security and fostering a flourishing app ecosystem. "The more vetting you do, the more you stop innovation," Graham said. "It's a trade-off."
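The review step recommended above (check which third-party apps hold account access and revoke suspicious ones), sketched as an added example that is not from the original article or from Google: it flags grants whose display name imitates a first-party app, as the fake "Google Docs" app did, or that hold mail or contacts scopes. The record layout, the client IDs and the choice of sensitive scopes are assumptions, and the sample grants are constructed.

```python
import unicodedata

# Assumption: scopes this organisation treats as high risk (mail and contacts).
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
}
# Assumption: display names reserved for first-party apps, mapped to the client
# IDs the organisation has verified for them (placeholder value, not a real ID).
FIRST_PARTY = {"google docs": {"verified-first-party-client-id"}}

def normalize(name):
    """Fold case, Unicode compatibility forms and whitespace before comparing."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def triage(grant):
    """Return the reasons a grant needs review; an empty list means no finding."""
    reasons = []
    trusted_ids = FIRST_PARTY.get(normalize(grant["display_name"]))
    is_trusted = trusted_ids is not None and grant["client_id"] in trusted_ids
    if trusted_ids is not None and not is_trusted:
        reasons.append("first-party display name on an unverified client ID")
    risky = SENSITIVE_SCOPES.intersection(grant["scopes"])
    if risky and not is_trusted:
        reasons.append("sensitive scopes: " + ", ".join(sorted(risky)))
    return reasons

def review(grants):
    """Map client ID -> reasons, keeping only grants with at least one finding."""
    findings = {g["client_id"]: triage(g) for g in grants}
    return {cid: why for cid, why in findings.items() if why}

# Constructed sample grants (hypothetical record layout, not a real API response).
GRANTS = [
    {"display_name": "Google Docs", "client_id": "verified-first-party-client-id",
     "scopes": ["https://www.googleapis.com/auth/drive.file"]},
    {"display_name": "Google  Docs ", "client_id": "constructed-unknown-client",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"display_name": "Example Mail Client", "client_id": "constructed-mail-client",
     "scopes": ["https://mail.google.com/"]},
    {"display_name": "Example Notes", "client_id": "constructed-notes-client",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for client_id, reasons in review(GRANTS).items():
        print(client_id, "->", "; ".join(reasons))
```

The name check only folds case, spacing and Unicode compatibility forms; look-alike letters from other scripts would need a separate confusables mapping.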
A Twitter user by the name @EugenePupov is trying to take credit for the massive phishing attack that hit Gmail users last night, and which attempted to trick users into granting permission for a fake Google Docs app to access their Gmail inbox details. While Google intervened and stopped the self-spreading attack about an hour after it started — which is a pretty good response time — questions still linger about who was behind it. If there's one thing we know for sure, it is that the fake Google Docs app was registered using the email eugene.pupov@gmail.com. The owner of the aforementioned @EugenePupov Twitter account, who took credit for the attacks, claimed in a series of tweets [assembled below] it was only a test. While some might think this is an open & close case, it is not quite so. For starters, the Twitter account was registered yesterday, on the same day as the attack, which isn't necessarily suspicious, but it's odd. Second, if you try to reset that Twitter account's password, you'll see that the Twitter account isn't registered with the same address used in the phishing attacks. Registering a Twitter account with the eugene.pupov@gmail.com email wouldn't have been possible either way, as this Gmail address isn't registered at all. Furthermore, a Coventry University spokesperson told Bleeping Computer today that no person with the name Eugene Pupov is currently enrolled at their institution. Later they confirmed it on Twitter. If things weren't shady enough, the Twitter account used a profile image portraying a molecular biologist named Danil Vladimirovich Pupov, from the Institute of Molecular Genetics, at the Russian Academy of Sciences. When other users called out [1, 2] the Twitter account for using another person's image, the man behind the @EugenePupov account simply changed it to a blank white image.
To clarify what exactly is going on with the Twitter account images, we've reached out to the real Danil Pupov hoping for some answers, as we weren't able to find any good reasons for why a molecular biologist would fiddle around with Gmail spam campaigns and fake Google Docs apps. As things are looking right now, it appears that someone is either in the mood for a prank, or the real person behind the attack is trying to plant a false flag and divert the attention of cyber-security firms investigating the incident [1, 2]. As for Google, after a more thorough investigation, the company says that only 0.1% of all Gmail users received the phishing email that contained the link to Pupov's fake Google Docs app that requested permission to access users' inboxes. That's around one million users of Gmail's one-billion-plus user base.