“Man stole $122m from Facebook & Google by simply sending them random bills which they paid,” reads the headline of a news article in a screenshot posted on Facebook in South Africa.
The screenshot is of a tweet from 24 September 2021. “Never been angrier in my life for not coming up with an idea for first,” the tweet reads.
A Google search for the headline didn’t return the exact article in the screenshot. But it did produce a story on Boing Boing with a similar headline: “Man stole $122m from Facebook and Google by sending them random bills, which the companies dutifully paid.”
The story, published in March 2019, identifies the man as Evaldas Rimasauskas of Lithuania.
“Rimasauskas’s grift was pretty bold,” it reads. “He merely sent Google and Facebook invoices for items they hadn’t purchased and that he hadn’t provided, which the companies paid anyway.”
Boing Boing says he had pleaded guilty to US charges of wire fraud, aggravated identity theft and money laundering, admitting to stealing $99 million from Facebook and $23 million from Google from 2013 to 2015.
But Rimasauskas’s scam was far more complex and intentional than simply sending "random bills” to the two tech giants.
Registered company in name of tech companies’ supplier
In December 2019 he was sentenced to five years in prison “for theft of over $120 million in fraudulent business email compromise scheme”, according to a press statement on the US justice department’s website.
The statement explains the complexity of the scheme.
In or around 2013, Rimasauskas and unnamed associates registered a company in Latvia – which borders Lithuania to the north – with the same name as a company that already did business with Google and Facebook. Reuters identifies the company as Quanta Computer, a Taiwan-based hardware manufacturer.
Rimasauskas then opened several bank accounts in Latvia and Cyprus in the name of Quanta Computer.
Once these were in place, he sent fake phishing emails to Google and Facebook’s employees and agents. The emails asked that the money the companies owed to Quanta Computer for "legitimate" goods and services it had supplied, be sent to Rimasauskas's fake bank accounts.
The emails were signed off with the names of Quanta Computer’s representatives, and designed to look like they came from the Taiwanese company.
This “succeeded in deceiving the Victim Companies" – Google and Facebook – into "complying with the fraudulent wiring instructions”, the press statement says.
Once the money had been paid, Rimasauskas quickly transferred it to other bank accounts across the world – including in Slovakia, Lithuania, Hungary and Hong Kong. He also created false documents to give to the banks to explain the huge amounts of money he was transferring.
The documents included “forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names".
In addition to the five years in prison, Rimasauskas was ordered to forfeit $49.7 million and pay $26.5 million in restitution.
So, no. Rimasauskas didn’t get $122 million by simply sending random invoices. He and his associates opened a company with the name of a legitimate supplier to Google and Facebook, sent phishing emails redirecting money owed to that company to his bank accounts, wired the money across the world, and forged documents to get banks to accept the funds.
For publishers: what to do if your post is rated false
A fact-checker has rated your Facebook or Instagram post as “false”. What should you do? First, don't delete!
Click on our guide for the steps you should follow.
Africa Check teams up with Facebook
Africa Check is a partner in Facebook’s third-party fact-checking programme to help stop the spread of false information on social media.
The content we rate as “false” will be downgraded on Facebook and Instagram. This means fewer people will see it.
You can also help identify false information on Facebook. This guide explains how.