The bigger the corporate budget, the bigger the potential losses through Business Email Compromise (BEC).
Court records from the Southern District of New York reveal that Google and Facebook transferred $123 million to the account of a Lithuanian man after he hit both companies through a BEC scam.
Graham Cluley has a good write-up on the approach the cyber bad actor took in this case:
A Lithuanian man has this week pleaded guilty to tricking Google and Facebook into transferring over $100 million into a bank account under his control after posing as a company that provided the internet giants with hardware for their data centers.
Fifty-year-old Evaldas Rimasauskas registered and incorporated a company in Latvia with the same name as Quanta Computer, a Taiwan-based electronics manufacturing giant that which been operating since the 1980s.
Knowing that Facebook and Google used Quanta’s technology in their data centers, Rimasauskas sent emails to the firms claiming to come from Quanta with forged invoices and fraudulent contracts.
Rimaskauskas pleaded guilty and faces up to 30 years in prison. He will be sentenced in July.
BEC: lawsuits and firings
SecureWorld has noticed an uptick in Business Email Compromise cases we are covering. This includes the case where employees transferred $18.6 million in a single week. Those employees were fired.
And it includes a company that is suing its former employee over BEC losses the employee caused.
[RESOURCE: BEC Scams: Don't Be the Next Victim]