Since we all know that misery loves company, it may bring some comfort that even Facebook and Google can fall victim to business email compromise scams.
In one way, that makes perfect sense since the weak link is always people. On the other hand, you would think that big companies like Facebook and Google would have been controls in place, but apparently not.
What is staggering is the scale of the business email compromise.
ONE HUNDRED MILLION DOLLARS.
A hacker in Lithuania was recently arrested at the request of the U.S., but he claims he is innocent and is fighting extradition.
According to the indictment, filed in New York, he created false invoices under a legitimate Asian support, Quanta, for computer parts. Both companies apparently buy lots of stuff from these guys so the invoices didn’t seem out of line, I guess. While the details of the indictment are not clear, I assume that he used his own, special wiring instructions.
Because we are talking about Facebook and Google, the indictment only calls them Company 1,2 and 3. Quanta has admitted they are Company 1. Facebook, in response to a request from Fortune, admitted they are one of the parties. Google just admitted that they are one of the parties also.
Facebook said they were able to recover “the bulk of” the funds, whatever that means. Google also said that they recouped the funds. For an attack as sophisticated as a hundred million dollar scam would be, it is surprising that he was not able to hide the money. YOU should be so lucky.
The only difference between this attack and an attack on you or me and why the Manhattan U.S. Attorney was willing to take the case was the sheer size of it.
One question is whether this is a material event that needed to be disclosed to shareholders. For either company, $50 million (half of the take) might not be material and it certainly might not be material if they got some or all of the money back.
Still, this indicates that it can be hard to stop these guys and companies really need to pay attention, especially when amounts that ARE material to smaller companies are involved.
Information for this post came from Fortune.