The US Department of Justice last month announced details of a $100 million "fraudulent email compromise scheme" against two unnamed "multinational internet companies." Now, thanks to Fortune, we know the identity of those companies: Facebook and Google.
Fortune on Thursday, citing an unnamed person familiar with the investigation, reported that Facebook approached the US Attorney's Office in Manhattan asking for help recovering the millions it lost in the scheme. Facebook in a statement to the news outlet confirmed it was one of the fraud victims.
"Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation," a company spokesperson told Fortune.
Google also this week confirmed it was a victim. "We detected this fraud against our vendor management team and promptly alerted the authorities," a Google spokesperson told Fortune. "We recouped the funds and we're pleased this matter is resolved."
Neither Facebook nor Google immediately responded to PCMag's request for comment.
The new revelations come after the Justice Department last month announced the arrest of a Lithuanian Man named Evaldas Rimasauskas, 48, who is charged with orchestrating an email scheme that tricked two "US-based internet companies" to wire more than $100 million to bank accounts he controlled.
According to the indictment, Rimasauskas carried out the scheme from at least 2013 through 2015. The fraudster allegedly registered and incorporated a company in Latvia that "bore the same name as an Asian-based computer hardware manufacturer" with whom the US tech giants did business. He then spoofed emails to look like they were coming from the Asian supplier — identified last month as Taiwan's Quinta Computer — directing the US tech giants to make payments into his own bank accounts.
Over the course of the scheme, he successfully tricked the victim companies into transferring more than $100 million into his own accounts. In other words, even tech giants like Facebook and Google fall for email scams.
"This case should serve as a wake-up call to all companies — even the most sophisticated — that they too can be victims of phishing attacks by cyber criminals," Acting U.S. Attorney Joon H. Kim said in a statement last month.