Incident Of The Week: Google, Facebook Phished For Millions

Both companies paid out $23M and $100M respectively to a cyber criminal

Even industry giants like Google and Facebook find themselves struggling with phishing scams. But according to CNBC’s Kate Fazzini, most companies and individuals who fall victim to this cyber crime aren’t as lucky: they often never recover the funds. Many take a massive hit, and some are forced out of business by this type of phishing attack.

Phishing attacks are constantly cited as one of the biggest threats to corporations of all sizes. In fact, at the recent CISO Exchange West event in California earlier this week, Albertsons-Safeway CISO John Kirkwood warned attendees, “When bringing cyber security tools into your environment, don’t get lulled into thinking you’ve done your due diligence because that’s not enough.” This sentiment echoed what so many others said at the Exchange: despite all the tools, education and awareness training IT does on phishing — it is still the biggest headache.

The Google And Facebook Incident Details

Last week the DoJ announced the indictment of a Lithuanian man who admitted to carrying out an invoice fraud scheme. Fazzini reported that “a Lithuanian national named Evaldas Rimasauskas -- who pleaded guilty to wire fraud on March 20 -- spent two years posing as a third party who conducted business with the two companies. The fraud was highly involved, and the tech giants’ money took a round-the-world trip to be laundered before ending up in Rimasauskas’s hands.”

Google and Facebook wired funds to Rimasauskas’ “bank accounts in Latvia and Cyprus”; he then “quickly wired [the funds] into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong,” according to the Justice Department. Rimasauskas “forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of [Google and Facebook], and which bore false corporate stamps embossed with [their] names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer,” as reported in the CNBC article.

Google lost around $23 million in the scam, while Facebook was out $100 million. But according to both companies, the funds were recovered.

How The Phishing Attack Works

The business email compromise approach (also called BEC, CEO fraud or, as in this case, invoice fraud) typically targets finance staff and other corporate executives, who are tricked into issuing payments that can reach millions or even hundreds of millions of dollars.

The attacker will send an email saying, ‘I’m a supplier in Taiwan and I changed my bank account information,’ instructing the recipient to forward payment to the so-called new account. In 2017, 77% of treasury and finance professionals said they experienced an attempted or actual BEC scam, according to the Association for Financial Professionals.

See Related: “The Phishing Phenomenon: How To Keep Your Head Above Water”

According to the FBI, the amount of money that scammers attempted to steal through business e-mail compromise grew 136% between December 2016 and May 2018. Overall, e-mail scammers targeted more than $12 billion worldwide between October 2013 and May 2018.

How To Detect A Phishing Attack

The most common phishing emails incorporate one of two elements: a sense of urgency or a request for help. This could mean an email saying that an invoice is overdue, or an email purporting to be from a colleague asking for help on a project at work.

Some phishing emails are so clever that even IT professionals have been duped. Here are some tell-tale signs of a potential phishing attack:

  • The domain name is spelled differently from the legitimate one but sounds alike.
  • Similar-looking but different characters are used in the domain name.
  • The displayed link text and the URL it actually points to do not match.
  • The “From” and “Reply-To” fields are mismatched (e.g., the email comes from one person, but you reply to a different address). This is typically seen with CEO fraud phishing emails.
  • Recipients are informed their accounts show suspicious activity and have been suspended. Often, they will be asked to provide information to restore them.
  • Recipients will be warned there will be dire consequences unless they take action, such as paying the IRS to settle a “tax debt” through a wire transfer.
  • Emails contain spelling and grammar mistakes.
  • Emails have attachments containing macros.
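Three of the signs above (sound-alike spellings, look-alike characters, and a From/Reply-To mismatch) can be checked mechanically on inbound mail. The following is an added example written for this article, not code from the original; the message, the supplier domain list and the confusable-character table are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from difflib import SequenceMatcher

# Constructed sample: a supplier-impersonation message whose Reply-To
# points at a look-alike domain ("0" in place of "o"). Not a real message.
RAW_MESSAGE = """\
From: Accounts Payable <billing@quanta-computer.example>
Reply-To: Accounts Payable <billing@quanta-c0mputer.example>
Subject: URGENT: updated bank details for invoice 4471

Please forward payment to our new account immediately.
"""

# Domains of suppliers the organization actually pays (constructed list).
TRUSTED_DOMAINS = {"quanta-computer.example"}

# Visually confusable substitutions commonly used in look-alike domains.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Normalize confusable characters so look-alike domains compare equal."""
    d = domain.lower()
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def domain_of(header_value) -> str:
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def check_message(raw: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return a list of findings; an empty list means no BEC indicators."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:  # replies silently rerouted
        findings.append(f"reply-to-mismatch: From={from_dom} Reply-To={reply_dom}")
    for dom in {from_dom, reply_dom} - {"", *trusted}:
        for t in trusted:
            if skeleton(dom) == skeleton(t):  # look-alike characters
                findings.append(f"homoglyph-lookalike: {dom} resembles {t}")
            elif SequenceMatcher(None, dom, t).ratio() > 0.85:  # near-miss spelling
                findings.append(f"near-miss-spelling: {dom} resembles {t}")
    return findings
```

Running `check_message(RAW_MESSAGE)` flags both the Reply-To mismatch and the homoglyph domain; the same message with a matching, trusted Reply-To produces no findings.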

Enterprises can reduce the likelihood of a successful phishing attack through ongoing employee education and phishing-filtering software. They should also reduce the impact of a successful attack on the organization through endpoint protection, two-factor (or multi-factor) authentication, security patches, and changing passwords regularly.

See Related: "Incident Of The Week" Articles