two of the world's biggest companies was arrested on fraud charges GOOGLE and Facebook have admitted they were conned out of an alleged $100million (£77million) in a phishing scam. Two of the world's biggest companies fell victim after a Lithuanian man allegedly tricked employees into wiring over the money to bank accounts that he controlled, Fortune reported on Thursday. Evaldas Rimasauskas, 48, is accused of posing as an Asia-based manufacturer and deceiving the internet giants from around 2013 until 2015. He was arrested earlier this month in Lithuania at the request of US authorities. The conman is said to have forged email addresses, invoices and corporate stamps to impersonate Quanta and trick them into paying for computer supplies. Rimasauskas, who is awaiting extradition proceedings, has denied the allegations. The US Department of Justice (DOJ) said last month: "Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multi-million-dollar transactions with [the Asian] company." Both Facebook and Google have confirmed the fraud and said that they had been able to recoup funds. But they didn't reveal how much money they had transferred and recouped. A Google spokeswoman said: "We detected this fraud against our vendor management team and promptly alerted the authorities." "We recouped the funds and we're pleased this matter is resolved." A spokeswoman for Facebook added: "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation." Security experts said the recent cyber attack highlighted how sophisticated phishing scams are being used to fool even two of the biggest tech companies.
US prosecutors have charged a Lithuanian man with engaging in an email fraud scheme in which he bilked two US-based companies out of more than US$100 million by posing as an Asian hardware vendor. Evaldas Rimasauskas, 48, was arrested late last week by Lithuanian authorities, Manhattan federal prosecutors said on Tuesday. Rimasauskas does not yet have legal counsel, a spokesman for the prosecutors said. The alleged scheme is an example of a growing type of fraud called “business email compromise”, in which fraudsters ask for money using emails targeted at companies that work with foreign suppliers or regularly make wire transfers. It is a variation on the common “phishing” scam, but on a massive scale. The FBI said last June that since October 2013, US and foreign victims have made 22,143 complaints about business email compromise scams involving requests for almost US$3.1 billion in transfers. In an indictment unsealed on Tuesday, prosecutors said that to carry out his scheme, which they said began around 2013 or earlier, Rimasauskas registered a company in Latvia with the same name as an Asian computer hardware manufacturer. He then sent emails to employees of the two unnamed victim companies, described as multinational internet firms, asking them to wire money that they actually owed to the Asian company to the sham Latvian company’s accounts, prosecutors said. The victim companies are described as a multinational technology company and a multinational social media company. After they wired money to Rimasauskas’s Latvian company, Rimasauskas quickly transferred the funds to different accounts around the world, including in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong, prosecutors said.
In order to conceal his fraud from banks that handled the transfers, Rimasauskas forged invoices, contracts and letters purportedly signed by executives at the two victim companies, according to prosecutors. Rimasauskas is charged with wire fraud and money laundering, which each carry a maximum prison sentence of 20 years, and identity theft, which carries a mandatory minimum sentence of two years. Acting US Attorney Joon H. Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over US$100 million to overseas bank accounts under his control. “This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals.”
Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself. On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products. Fortunately, the spyware never hit the mainstream. It was installed less than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries. Users were probably tricked into downloading the malicious coding, perhaps through a phishing attack. Once it installs, the spyware can act as a keylogger, and steal data from popular apps such as WhatsApp, Facebook and Gmail. In addition, it possesses a suicide function that’ll activate if it doesn’t detect a mobile country code on the phone -- a sign that the Android OS is running on an emulator. The surveillance features are similar to those found in Pegasus, which has also been linked with NSO Group. At the time, Lookout called the spyware the most sophisticated attack it’s ever seen on a device. The iOS variant exploited three previously unknown vulnerabilities to take over a phone and surveil the user. The spyware was uncovered when a human rights activist in the United Arab Emirates was found infected by it. His phone had received an SMS text message, which contained a malicious link to the spyware. But Lookout had also been investigating whether NSO Group developed an Android version. To find out, the security firm compared how the iOS version compromises an iPhone and matched those signatures with suspicious behavior from a select group of Android apps. Those findings were then shared with Google, which managed to identify who was affected.
However, unlike the iOS version, the Android variant doesn’t actually exploit any unknown vulnerabilities. Instead, it taps known flaws in older Android versions. Chrysaor was never available on Google Play, and the small number of infected devices found suggests that most users will never encounter it, the search giant said.
Schools and colleges are being warned to be on the lookout for ransomware attacks, after a wave of incidents where fraudsters attempted to trick educational establishments into opening dangerous email attachments. What makes the attacks unusual, however, is just how the attackers tricked users into clicking on the malware-infected attachments. As Action Fraud warns, confidence tricksters are phoning up schools and colleges pretending to be from the “Department of Education”. The fraudsters request the email or phone number of the institution’s head teacher or financial administrator claiming they need to send guidance forms to the individual directly, as they contain sensitive information. The emails, however, have a .ZIP file attached, which often contains a boobytrapped Word document or Excel spreadsheet which initiates the ransomware infection. According to reports, up to £8,000 can be demanded for the safe decryption of files on the victims’ computers. That is, of course, money that few schools can afford to spend. Similar scams have posed as being from telecoms providers claiming to need to speak to the head teacher about “internet systems” or the Department of Work and Pensions. In all cases the chances of the attack succeeding are increased by the fact that it is prefaced by a phone call. We’re all very used to receiving suspicious emails in our inbox, but may be caught off guard if it is accompanied by an official-sounding phone call. Action Fraud’s warning indicates that there are considerable amounts of money to be made by online criminals through ransomware attacks. If there weren’t, they wouldn’t be prepared to go to such extreme efforts (such as making bogus phone calls) to increase the likelihood that their poisoned email attachments will be opened.
More money can typically be extorted from an organisation than an individual, with some corporations having paid out huge sums to blackmailers after having their data locked away through a ransomware attack.