Lithuanian Man Arrested Over $100 Million Email Scam

A Lithuanian man has been indicted in the United States for convincing two U.S.-based Internet companies into wiring over $100 million to bank accounts he controlled as part of an email fraud scheme.

Evaldas Rimasauskas, 48, was arrested late last week in Lithuania on the basis of a provisional arrest warrant, the New York Office of the FBI said.

The indictment (PDF) claims that Rimasauskas has orchestrated a fraudulent scheme in or around 2013 through in or about 2015, to deceive targeted companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts he controlled.

Rimasauskas registered a company in Latvia with the same name as an Asian-based computer hardware manufacturer, and also opened, maintained, and controlled accounts at banks in Latvia and Cyprus in the name of this company. Then, he started sending fraudulent phishing emails to victim companies – which regularly conducted multimillion-dollar transactions with the legitimate manufacturer – to direct money these companies owed for legitimate goods and services to the accounts he controlled.

As soon as the victim companies wired money to his accounts, Rimasauskas quickly transferred the funds to different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.

Further, the individual “caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer,” U.S. Attorney’s Office, Southern District of New York, says.

Over the course of the scheme, these false and deceptive representations resulted in Rimasauskas causing victim companies to transfer a total of over $100,000,000 in U.S. currency to the accounts he controlled.

Rimasauskas is charged with one count of wire fraud, three counts of money laundering (each carries a maximum sentence of 20 years in prison), and one count of aggravated identity theft. The maximum potential sentences will be determined by the judge.

“From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable,” acting U.S. Attorney Joon H. Kim said.

Related: Citadel Botnet Author Pleads Guilty

Related: Losses From Business Email Compromise Scams Top $3.1 Billion: FBI

Related: Bayrob Malware Operators Indicted in U.S.