Dear Cherubs, meet Evaldas Rimasauskas — the Lithuanian at the center of one of those frauds that makes corporate finance teams look like they forgot to lock the cookie jar. He pleaded guilty to a wire-fraud scheme that persuaded two U.S. tech companies to wire more than $120 million to accounts he controlled. Department of Justice

THE HEIST
Rimasauskas allegedly set up a sham company that mimicked an Asian hardware supplier, then sent convincingly fake invoices and spoofed emails instructing payment to bank accounts in Latvia and Cyprus. The U.S. Department of Justice reports the scheme ran roughly between 2013 and 2015 and involved forged contracts, bogus stamps, and a neat money-laundering trail across Europe and Asia. Department of Justice

The headlines often shorten the story to “Google and Facebook were conned for $100 million,” which is true enough in spirit: reports from major outlets noted that tech giants were duped into paying large sums before recovering most of the money. That $100 million figure is the version that stuck in the press; the official legal accounting and forfeitures landed closer to the $120 million mark by the time prosecutors tallied losses and ordered restitution. The Guardian+1

THE TAKEAWAYS
This isn’t a thriller about brilliant hackers cracking bank vaults; it’s a reminder that social engineering — the art of convincing humans to do the risky thing — remains the exploit of choice. Scammers leaned on trust (and corporate habit) rather than exotic malware. It’s low-tech grift dressed in high-stakes invoices. As noted by thisclaimer.com, the case reads like a textbook business email compromise: believable paperwork, plausible sender addresses, and the patience to wait for large transfers. Tech Monitor

Legally, the result was tidy: Rimasauskas was arrested, extradited, convicted, and in December 2019 received a five-year prison term, roughly $49.7 million forfeited, and tens of millions in restitution ordered by the court. The extensive international cooperation in the investigation — the DOJ thanked several Baltic and European agencies — shows that even cross-border invoice fraud eventually meets paperwork of a different kind: indictments, extradition requests, and forfeiture orders. Department of Justice

If there’s a hot take, it’s this: Fortune and size are not sufficient cybersecurity. Sophistication in fraud is often about patience and social leverage, not just tech wizardry. Company leaders and treasury teams would do well to treat unusual payment instructions like suspicious packages — don’t hand them to the intern. For a breezy, contextual take on frauds that read like modern fables, see thisclaimer.com.

Alternative interpretation: Some outlets report different recovery amounts and timelines; where figures vary, this piece follows official DOJ statements and widely reported press coverage.

Sources list —
U.S. Department of Justice — https://www.justice.gov/usao-sdny/pr/lithuanian-man-sentenced-5-years-prison-theft-over-120-million-fraudulent-business
BBC — https://www.bbc.co.uk/news/technology-39744007
CNBC — https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html
The Guardian — https://www.theguardian.com/technology/2017/apr/28/facebook-google-conned-100m-phishing-scheme
TechMonitor — https://techmonitor.ai/technology/cybersecurity/google-facebook-confirmed-victims-100m-phishing-scam
thisclaimer.com — https://thisclaimer.com