against "two US-based internet companies" whose identities were not disclosed, it has been recently confirmed that the two companies involved were actually tech giants Google and Facebook. In a report published April 27, Fortune disclosed the identities of both companies. The companies had been tricked into wiring over US$100 million to the alleged scammer’s bank accounts. Evaldas Rimasauskas, 48, purportedly posed as an Asia-based manufacturer and deceived the two companies from at least 2013 to 2015. "Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company," the US Department of Justice (DOJ) said. The DOJ alleged that emails supposedly from the employees of said Asian manufacturer were sent from email accounts designed to look like they were actually from the firm. Rimasauskas was charged by the DOJ in March with sending the forged emails, as well as with fabricating invoices, contracts and letters "that falsely appeared to have been executed and signed by executives and agents of the victim companies." "We detected this fraud against our vendor management team and promptly alerted the authorities," a spokesperson for Google said in a statement. "We recouped the funds and we're pleased this matter is resolved." "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation," a representative from Facebook said. The BBC reported that neither Google nor Facebook revealed how much money they had transferred, or how much they recouped following the incident.
While the two companies have advanced cybersecurity measures in place, the phishing attacks targeted individuals through their emails — attacks that could have been avoided through proper verification of dubious payment requests. "Sometimes staff [at large firms] think that they are defended, that security isn't part of their job," James Maude of cyber-security firm Avecto told the BBC. "But people are part of the best security you can have — that's why you have to train them."
The recent political furor over state-sponsored hacking took an ugly and dangerous turn on the morning of December 30th, when a tiny Vermont electric utility reported that Grizzly Steppe – the spear-phishing process used to access DNC emails – had been found on one of their systems. Vermont Governor Peter Shumlin issued a statement accusing Vladimir Putin of attempting to hack Vermont’s electrical grid, and many others followed suit. And there appears to be a good chance that the malicious code found on a Burlington Electric laptop is evidence of a state-sponsored cyberattack. Following the initial news cycle, some pundits dismissed the finding as a non-story. It’s true, the laptop was “not connected to the power grid systems”, and there is no proof yet that the Russians were involved. It’s also true that the Russian-built Grizzly Steppe hacking code is widely available on the dark internet, and anyone could have put it on that laptop. According to Ukrainian energy provider Ukrenergo, a second major outage on December 17, 2016, may have been caused by a similar cyber-attack. Attacks on critical infrastructure typically require a long, slow, low-profile campaign, beginning with subtle, difficult-to-detect maneuvers, like slipping malware onto laptop computers. Two years prior to the first Ukraine incident, hackers began attempting to acquire legitimate login credentials by hacking non-operational systems at Ukrainian utilities – systems very much like Burlington Electric’s laptop. According to a Booz Allen analysis, spear-phishing emails containing weaponized Microsoft Word, Excel, and PowerPoint files, exactly the type of files typically found on laptop computers, were sent to Ukraine electric utility employees as early as May 2014.
Once legitimate login credentials were discovered through these seemingly minor attacks on non-operational systems, the hackers used them to access critical Industrial Control Systems (ICS) in order to shut off breakers, shut down uninterruptible power supplies (UPS), destroy Human Machine Interface (HMI) systems, and destroy Serial-to-Ethernet devices at substations.