Connect with us

Hi, what are you looking for?



Lithuanian Man Arrested Over $100 Million Email Scam

A Lithuanian man has been indicted in the United States for convincing two U.S.-based Internet companies into wiring over $100 million to bank accounts he controlled as part of an email fraud scheme.

A Lithuanian man has been indicted in the United States for convincing two U.S.-based Internet companies into wiring over $100 million to bank accounts he controlled as part of an email fraud scheme.

Evaldas Rimasauskas, 48, was arrested late last week in Lithuania on the basis of a provisional arrest warrant, the New York Office of the FBI said.

The indictment (PDF) claims that Rimasauskas has orchestrated a fraudulent scheme in or around 2013 through in or about 2015, to deceive targeted companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts he controlled.

Rimasauskas registered a company in Latvia with the same name as an Asian-based computer hardware manufacturer, and also opened, maintained, and controlled accounts at banks in Latvia and Cyprus in the name of this company. Then, he started sending fraudulent phishing emails to victim companies – which regularly conducted multimillion-dollar transactions with the legitimate manufacturer – to direct money these companies owed for legitimate goods and services to the accounts he controlled.

As soon as the victim companies wired money to his accounts, Rimasauskas quickly transferred the funds to different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.

Further, the individual “caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer,” U.S. Attorney’s Office, Southern District of New York, says.

Over the course of the scheme, these false and deceptive representations resulted in Rimasauskas causing victim companies to transfer a total of over $100,000,000 in U.S. currency to the accounts he controlled.

Advertisement. Scroll to continue reading.

Rimasauskas is charged with one count of wire fraud, three counts of money laundering (each carries a maximum sentence of 20 years in prison), and one count of aggravated identity theft. The maximum potential sentences will be determined by the judge.

“From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable,” acting U.S. Attorney Joon H. Kim said.

Related: Citadel Botnet Author Pleads Guilty

Related: Losses From Business Email Compromise Scams Top $3.1 Billion: FBI

Related: Bayrob Malware Operators Indicted in U.S.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...