Both Google and Facebook have confirmed that they were the victims of a $100 million phishing scam.
Last month a Lithuanian man had been charged regarding an online phishing email scam, though the two US companies who had been targeted were not mentioned.
Fortune reported that the two companies were in fact Facebook and Google who had been convinced by Evaldas Rimasauskas, who had allegedly posed as an Asian manufacturing company between 2013 and 2015.
A spokeswoman for Google said in a statement “We detected this fraud against our vendor management team and promptly alerted the authorities.”
“We recouped the funds and we’re pleased this matter is resolved.”
Facebook said: “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”
Neither of the victims have confirmed the amount of money that they were able to recuperate.
Phishing continues to be a major problem for those using the internet and attempts have become increasingly more complex. The Nation Audit Office estimates that roughly £14.8 billion was lost by UK customers last year alone.
Paul Calatayud, Chief Technology Officer at FireMon, said: “The issue at hand is whether or not these types of events warrant disclosure. Given that both these companies have significant amounts of money in the bank and some was recovered, as the law stands, I don’t feel reporting it was necessary. I do feel that we are lacking federal level breach disclosure laws that center around eliminating public vs. private or material vs. immaterial conditions.”
“We need to drive awareness; and these notifications can serve to benefit other companies. Until we do that, we will remain debating in Board rooms whether or not cyber investments are necessary or how likely attacks may be.”
Both Facebook and Google reportedly approached law enforcement looking to get their money back.