Facebook and Google were conned out of $100m in phishing scheme

Apparently Facebook and Google are not on their game when it comes to information awareness training.

The Con job

Google and Facebook were phished for over $100m, it has been reported, proving not even the biggest technology companies in the world are immune from the increasingly sophisticated attacks of online scammers.

Last month it was reported that two major tech companies were tricked by a Lithuanian man into sending him over $100m (£77m). Evaldas Rimasauskas, 48, was charged with wire fraud, money laundering and aggravated identity theft for impersonating Quanta Computer – a Taiwanese electronics manufacturer that includes Google, Facebook and Apple as clients.

Social engineering attacks are one of the biggest vulnerabilities enterprises face going into the 21st century. In today's world information security and awareness should be on the mind of all C level management in all sectors of the economy. From protecting your client's credit and personal information to your own.

Wiki

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The term "social engineering" as an act of psychological manipulation is also associated with the social sciences, but its usage has caught-on among computer and information security professionals.[1]

In order to avoid social engineering attacks your team requires continual training on information awareness and how and when to spot a potential threat. The more connected the world becomes the more vulnerable your systems become.

a reply to: toysforadults

Crime is only legal when the CEOs do it.

The point is that businesses need to take their IT infrastructure and InfoSec departments more seriously.

The modern IT landscape requires abstract creative solutions, high business acumen and strong interpersonal relationship skills with a deep understanding of psychology to stay protected.

a reply to: toysforadults
Google and Facebook were able to get most of their money back which is more than most phishing victims can say.

I guess it would take too long to withdraw $100 million from Lithuanian ATMs at whatever the daily withdrawal rate allows, so if he wasn't able to get the cash it was still available to be retrieved electronically when Google and Facebook noticed the problem?

Apparently the US is trying to extradite the perp to the US for trial. I guess the $80 billion a year US prison system that already eclipses the GDPs of 133 countries isn't big enough so they also need to incarcerate foreign prisoners? Or they don't trust the Lithuanian justice system?

Lithuanian authorities had wiretapped phone of man suspected by US of large-scale fraud

Rimasauskas, who is faced with suspicions of fraud of extremely large scale and whom prosecutors want extradited to the US, has contested the court conclusion to sanction the wiretapping in the case under investigation in Lithuania.

Average pay in Lithuania is less than $15,000 a year and the US will pay $35,000 a year to keep him in prison for many years so even if prosecutors win the case against him, doesn't it seem like the US taxpayers are losing on this deal?

This is really simple.

Work for the company, no social media during the day. Any discussion of work outside of the place of business with outside players not through official documented channels, your written up. 2nd, you're fired and responsible for any damages resulting.

Linkd In needs to die.

a reply to: SR1TX

I think the solution is to stop forcing your IT department to work on penny budgets.

A major issue I see is talent acquisition and management.

My next theory is that InfoSec isn't at the forefront (or hasn't been) of ideology within C level management.

Until The People can win a class action suit against a company for their craptastic information security, there will be nothing driving businesses to create greater security.

Where there's a will there's a way....and you need to kick them in the ass to give them the will.

There is a reason social engineering attacks are so prevalent... lots of otherwise intelligent people fall for it on a regular basis.

I do not think in 18 years I was ever in a squadron that did not have at least 1 person a year fall for it.

You can have the best security in the world bar none... and some idiot will still get got.

a reply to: bigfatfurrytexan

Thats the big story.

It's cheaper for the company to pay than it is to hire 100 InfoSec techs and give them the proper budget.