Back to Africa Check

Man stole $122 million from tech giants by sending random bills? No, global fraud far more sophisticated

“Man stole $122m from Facebook & Google by simply sending them random bills which they paid,” reads the headline of a news article in a screenshot posted on Facebook in South Africa.

The screenshot is of a tweet from 24 September 2021. “Never been angrier in my life for not coming up with an idea for first,” the tweet reads.

A Google search for the headline didn’t return the exact article in the screenshot. But it did produce a story on Boing Boing with a similar headline: “Man stole $122m from Facebook and Google by sending them random bills, which the companies dutifully paid.”

The story, published in March 2019, identifies the man as Evaldas Rimasauskas of Lithuania.

“Rimasauskas’s grift was pretty bold,” it reads. “He merely sent Google and Facebook invoices for items they hadn’t purchased and that he hadn’t provided, which the companies paid anyway.”

Boing Boing says he had pleaded guilty to US charges of wire fraud, aggravated identity theft and money laundering, admitting to stealing $99 million from Facebook and $23 million from Google from 2013 to 2015.

But Rimasauskas’s scam was far more complex and intentional than simply sending "random bills” to the two tech giants.


Registered company in name of tech companies’ supplier

The US attorney’s office for the Southern District of New York filed charges against Rimasauskas in 2016. In 2017, he was arrested in Lithuania and extradited to the US to face trial.

In December 2019 he was sentenced to five years in prison “for theft of over $120 million in fraudulent business email compromise scheme”, according to a press statement on the US justice department’s website.

The statement explains the complexity of the scheme.

In or around 2013, Rimasauskas and unnamed associates registered a company in Latvia – which borders Lithuania to the north – with the same name as a company that already did business with Google and Facebook. Reuters identifies the company as Quanta Computer, a Taiwan-based hardware manufacturer.

Rimasauskas then opened several bank accounts in Latvia and Cyprus in the name of Quanta Computer.

Once these were in place, he sent fake phishing emails to Google and Facebook’s employees and agents. The emails asked that the money the companies owed to Quanta Computer for "legitimate" goods and services it had supplied, be sent to Rimasauskas's fake bank accounts.

The emails were signed off with the names of Quanta Computer’s representatives, and designed to look like they came from the Taiwanese company.

This “succeeded in deceiving the Victim Companies" – Google and Facebook – into "complying with the fraudulent wiring instructions”, the press statement says.

Forged documents

Once the money had been paid, Rimasauskas quickly transferred it to other bank accounts across the world – including in Slovakia, Lithuania, Hungary and Hong Kong. He also created false documents to give to the banks to explain the huge amounts of money he was transferring.

The documents included “forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names".

In addition to the five years in prison, Rimasauskas was ordered to forfeit $49.7 million and pay $26.5 million in restitution.

So, no. Rimasauskas didn’t get $122 million by simply sending random invoices. He and his associates opened a company with the name of a legitimate supplier to Google and Facebook, sent phishing emails redirecting money owed to that company to his bank accounts, wired the money across the world, and forged documents to get banks to accept the funds.


Republish our content for free

We believe that everyone needs the facts.

You can republish the text of this article free of charge, both online and in print. However, we ask that you pay attention to these simple guidelines. In a nutshell:

1. Do not include images, as in most cases we do not own the copyright.

2. Please do not edit the article.

3. Make sure you credit "Africa Check" in the byline and don't forget to mention that the article was originally published on

For publishers: what to do if your post is rated false

A fact-checker has rated your Facebook or Instagram post as “false”, “altered”, “partly false” or “missing context”. This could have serious consequences. What do you do?

Click on our guide for the steps you should follow.

Publishers guide

Africa Check teams up with Facebook

Africa Check is a partner in Meta's third-party fact-checking programme to help stop the spread of false information on social media.

The content we rate as “false” will be downgraded on Facebook and Instagram. This means fewer people will see it.

You can also help identify false information on Facebook. This guide explains how.

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
limit: 600 characters

Want to keep reading our fact-checks?

We will never charge you for verified, reliable information. Help us keep it that way by supporting our work.

Become a newsletter subscriber

Support independent fact-checking in Africa.