A leader of an international criminal network that stole millions of dollars from two American businesses while pretending to be a legitimate vendor is now in prison.
Evaldas Rimasauskas was one of the orchestrators of the Lithuania-based business email compromise (BEC) scheme. Beginning in 2013, his employees regularly called the victim companies’ customer service numbers to glean as much information as they could about the companies. They asked for details like names of key employees and their contact information.
They also sent phishing emails that gave them access to the companies’ email systems—giving the fraudsters an even bigger trove of information about the victim companies.
“It was a big, sophisticated research effort,” said Special Agent Jonathan Polonitza, who investigated this case out of the FBI’s New York Field Office.
Armed with these details and two years of research, one of the fraudsters simply called the companies pretending to be a vendor. The caller told each company to change their bank account information for an upcoming payment.
The two companies wired several payments to the fraudulent accounts, adding up to more than $120 million.
And this is where Rimasauskas came in: He was in charge of setting up the fraudulent accounts and then immediately laundering the funds all over the world.
“Unfortunately, this is happening to a lot of companies because it’s a crime that can be committed from the other side of the world.”
Jonathan Polonitza, FBI New York
Luckily, the companies notified the FBI of the email intrusions. Investigators froze some of the funds before Rimasauskas and his associates could move the money. Rimasaukas had created a vast paper trail, including contracts, invoices, and other documents to try to make the transactions look legitimate.
But the FBI worked closely with partner agencies around the world to investigate Rimasaukas’ operation and bring him to the United States for prosecution. He pleaded guilty to wire fraud charges and was sentenced last December to five years in prison.
“Unfortunately, this is happening to a lot of companies because it’s a crime that can be committed from the other side of the world,” Polonitza said. “They also work very hard to remain anonymous.”
BEC is a growing crime—with a staggering price tag. Between 2013 and 2019, the Internet Crime Complaint Center (IC3) received complaints of more than $10 billion in losses from the crime.
But there are things you can do to protect yourself and your business. And if you are victimized, it’s critical to notify law enforcement as soon as possible. In some cases, money can be recovered.
“It’s very important to be careful in opening any email attachments,” Polonitza said. “If something is suspicious, alert your company’s security. If you are a victim in a case like this, the sooner we know, the sooner we can help.”
If you or your company is affected by business email compromise, contact law enforcement immediately and file a complaint online with the IC3 at bec.ic3.gov.
Protect Yourself from BEC
The Internet Crime Complaint Center offers the following tips for both companies and individuals to stay safe from hackers looking to steal your money:
- Use two-factor authentication to verify any changes to account information or wire instructions.
- Check the full email address on any message and check the hyperlinks for spelling.
- Never give login credentials or personal information in response to a text or email.
- Monitor all financial accounts.
- Keep all software and systems up to date.