Man Scams Google & Meta Out of $122M in Fake Bills

In one of the most audacious cybercrime cases in tech history, a man managed to deceive two of the world’s largest technology giants—Google and Meta (formerly Facebook)—out of a staggering $122 million by simply sending them fake invoices. The story, equal parts shocking and baffling, has left many wondering: how could such a massive fraud go undetected?

• $122M fraud orchestrated through fake invoices.

• Victims: Tech giants Google and Meta.

• Fraudster: A man from Lithuania named Evaldas Rimasauskas.

• Method: Impersonated a legitimate tech supplier.

• Timeframe: Scam lasted over two years before detection.

• Outcome: Arrest, extradition, and prison time for the culprit.

The man responsible is Evaldas Rimasauskas, a Lithuanian national. He pulled off this massive fraud between 2013 and 2015, during which time he impersonated Quanta Computer, a real and well-known hardware supplier from Taiwan that both Google and Meta had business relationships with.

Rimasauskas created fake email accounts, invoices, and corporate stamps that made it appear as if Quanta was requesting payment for legitimate services. He then sent these forged documents to the finance departments of both tech firms—who, incredibly, paid the invoices without verifying their authenticity.

Here’s a breakdown of the clever yet surprisingly simple method Rimasauskas used:

• Step 1: He registered a company with the same name as Quanta Computer in Latvia.

• Step 2: Set up spoofed email addresses to resemble Quanta employees.

• Step 3: Sent out fake purchase orders and invoices to Google and Meta.

• Step 4: Created forged signatures and documents to support the requests.

• Step 5: Provided bank account details where the payments were to be wired.

Because both tech companies had existing business with the real Quanta, these fake requests didn’t raise any red flags—until it was too late.

The $122 million wasn't just sitting in a single account. Rimasauskas spread the funds across multiple bank accounts in different countries, including:

• Latvia

• Cyprus

• Slovakia

• Hong Kong

• Hungary

This made it difficult to trace and retrieve the stolen money. However, authorities did manage to recover a significant portion of the funds after catching on to the fraud.

Rimasauskas was arrested in March 2017 by Lithuanian authorities and extradited to the United States to face trial.

Legal consequences:

• Plea: Guilty to wire fraud and money laundering.

• Sentence: 5 years in prison, imposed in 2019.

• Fine & restitution: Required to forfeit $50 million.

The U.S. Department of Justice praised the investigation and prosecution as a warning against corporate complacency.

Both companies cooperated fully with authorities and acknowledged they had been defrauded.

• Google released a statement noting that they had detected the fraud internally and alerted law enforcement.

• Meta also confirmed the incident, stating that they had recovered most of the funds.

Importantly, neither company disclosed any customer data breaches, emphasizing that the fraud was purely financial in nature.

This isn’t an isolated case. Invoice fraud is one of the fastest-growing cybercrime tactics, especially targeting:

• Tech companies

• Startups

• Non-profits

• Government departments

According to the FBI’s Internet Crime Complaint Center (IC3), business email compromise (BEC) schemes resulted in $2.7 billion in losses in 2022 alone.

Cybersecurity professionals have reacted strongly:

“This case proves that even the most sophisticated companies are vulnerable to simple deception,”
James Lewis, Center for Strategic and International Studies

“It’s not about tech loopholes. It’s about human trust being exploited.”
Mira Kamdar, Cybercrime Analyst

While it's easy to laugh at the idea of two trillion-dollar companies being duped by random emails, this incident reveals a deeper issue: over-reliance on automation and insufficient human verification.

No matter how big or small your business is, financial fraud can hit hard if you don’t put proper systems in place.