Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS. RIMASAUSKAS was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant. The case has been assigned to U.S. District George B. Daniels.

Acting U.S. Attorney Joon H. Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable. The charges and arrest in this case were made possible thanks to the terrific work of the FBI and the cooperation of the victim companies and their financial institutions. We thank the companies and their banks for acting quickly, coming forward promptly, and cooperating with law enforcement; it led not only to the charges announced today, but also the recovery of much of the stolen funds.”

FBI Assistant Director William F. Sweeney Jr. said: “As alleged, Evaldas Rimasauskas carried out a business email compromise scheme creatively targeting two very specific victim companies. He was initially successful, acquiring over $100 million in proceeds that he wired to various bank accounts worldwide. But his footprint would eventually lead investigators to the truth, and today we expose his lies. Criminals continue to commit a wide variety of crimes online, and significant cyber data breaches have had a negative impact across a variety of industries. The FBI will continue to work with our domestic and international partners to pursue criminals who engage in this type of activity, wherever they may be hiding.”

According to the allegations contained in the Indictment unsealed today[1]:

From at least in or around 2013 through in or about 2015, RIMASAUSKAS orchestrated a fraudulent scheme designed to deceive the Victim Companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts controlled by RIMASAUSKAS. Specifically, RIMASAUSKAS registered and incorporated a company in Latvia (“Company-2”) which bore the same name as an Asian-based computer hardware manufacturer (“Company-1”), and opened, maintained, and controlled various accounts at banks located in Latvia and Cyprus in the name of Company-2. Thereafter, fraudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS. These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1. This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions.

After the Victim Companies wired funds intended for Company-1 to Company-2’s bank accounts in Latvia and Cyprus, RIMASAUSKAS caused the stolen funds to be quickly wired into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong. RIMASAUSKAS also caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer.

Through these false and deceptive representations over the course of the scheme, RIMASAUSKAS, the defendant, caused the Victim Companies to transfer a total of over $100,000,000 in U.S. currency from the Victim Companies’ bank accounts to Company-2’s bank accounts.

* * *

RIMASAUSKAS, 48, of Vilnius, Lithuania, is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.

The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Kim praised the outstanding investigative work of the FBI, and thanked the Prosecutor General’s Office of the Republic of Lithuania, the Lithuanian Criminal Police Bureau, the Vilnius District Prosecutor’s Office and the Economic Crime Investigation Board of Vilnius County Police Headquarters for their assistance in the investigation and arrests, as well as the Department of Justice’s Office of International Affairs.

The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit. Assistant U.S. Attorney Eun Young Choi is in charge of the prosecution. Assistant U.S. Attorney Edward Diskant is handling the forfeiture aspects of the prosecution.

The charges contained in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.