Acting US Attorney Joon H. Kim
Acting US Attorney Joon H. Kim

A man has been arrested for defrauding two unnamed multinational internet companies out of over US $100 million (£80 million) using sophisticated whaling attacks.

Evaldas Rimasauskas, a Lithuanian national, was arrested late last week by Lithuanian authorities. Rimasauskas is alleged to have opened a company and a variety of bank accounts in Lithuania, Latvia and Cyprus. Rimasauskas is meant to have opened a company called Company-2, similar to the name of an asian company, Company-1.

The indictment says that Rimasauskas then contacted the two multinationals, whom Company-1 regularly did business with, and directed them to send money to the accounts that the suspect had set up.

Rimasauskas then took his ill gotten gains and wired them through a vast network of accounts all over the world. To aid the process, Rimasauskas allegedly forged invoices, contracts and letters adorned with false corporate stamps and signatures designed to allay the suspicions of the banks receiving the hefty sums. Some of the stolen funds have apparently been recovered.

Rimasauskas is charged with one count of wire fraud and aggravated identity theft and three of money laundering. He could face in excess of 20 years in US prison.  

Acting US Attorney Joon H. Kim said in a statement, “This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber-criminals. And this arrest should serve as a warning to all cyber-criminals that we will work to track them down, wherever they are, to hold them accountable.”

A whaling attack is more formally known as business email compromise (BEC). While antivirus solutions and technical forms of defence against cyber-attack have gotten much better,  security professionals still have not figured out how to stop people from compromising themselves.   

A typical whaling attack will involve a well crafted email, ostensibly from a senior member of the company, urgently asking for a bank transfer or particular document or even credentials. The apparent senior position of the sender, as well as their hurried tone, are intended to pressurise the recipient into suspending their scepticism.

Attackers normally spend a great deal of time and resources studying the target company before making their move and typically target departments which hold critical credentials or data such as human resources or the finance department.

Europe's biggest manufacturer of wires and electrical cables announced losses of £34 million after a well crafted fraudulent email tricked the finance department into sending money into the wrong account.