A Lithuanian man has been charged with tricking two US technology firms into wiring him $100m (£80.3m) through an email phishing scam.
Posing as an Asian-based manufacturer, Evaldas Rimasauskas tricked staff into transferring money into bank accounts under his control, US officials said.
The companies were not named but were described as US-based multinationals, with one operating in social media.
Officials called it a wake-up call for even “the most sophisticated” firms.
According to the US Department of Justice, Mr Rimasauskas, 48 – who was arrested in Lithuania last week – deceived the firms from at least 2013 up until 2015.
He allegedly registered a company in Latvia which bore the same name as an Asian-based computer hardware manufacturer and opened various accounts in its name at several banks.
‘Fake email accounts’
The DoJ said: “Thereafter, fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company.”
The emails, which “purported” to be from employees and agents of the Asian firm, and were sent from fake email accounts, directed money for legitimate goods and services into Mr Rimasauskas’s accounts, the DoJ said.
The cash was then “wired into different bank accounts” in locations around the world – including Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.
He also “forged invoices, contracts and letters” to hide his fraud from the banks he used.
Officials said Mr Rimasauskas siphoned off more than $100m in total, although much of the stolen money has been recovered.
Acting US Attorney Joon H Kim said: “This case should serve as a wake-up call to all companies… that they too can be victims of phishing attacks by cybercriminals.
“And this arrest should serve as a warning to all cybercriminals that we will work to track them down, wherever they are, to hold them accountable.”
The DoJ would not comment on possible extradition arrangements and said that no trial date had been set.