Accused $100M business email grifter arrested in Lithuania

A Lithuanian man charged with running a two year, $100 million email banking con against two unnamed U.S. tech multinationals was arrested last week by authorities.
(Getty images)

A Lithuanian man charged with running a two year, $100 million email banking con against two unnamed U.S. tech multinationals was arrested last week by authorities in his home country, federal prosecutors in New York said.

The 12-page indictment provides few details of the scam, which prosecutors say netted Evaldas Rimasauskas more than $100 million. The funds wired to Latvian and Cypriot banks, where he had opened accounts posing as “an Asian-based manufacturer of computer hardware.”

The victims are identified only as “a multinational technology company” and “a multinational online social media company,” both headquartered in the U.S.

This much is clear: Though the case involved spoofed email, this was a way more complicated scam than your common business email compromise scheme — an increasingly pervasive species of online fraud that relies on hacking executive or c-suite email addresses and then using them to socially engineer subordinates to make fraudulent payments.


By contrast, prosecutors said in a release, Rimasauskas sent email purporting to be from executives of the “Asian-based manufacturer of computer hardware,” identified only as Company #1, with whom both victim companies “regularly engaged in multi-million dollar transactions.”

The emails “direct[ed] that money the victim companies owed Company #1 for legitimate goods and services be sent to Company#2’s bank accounts.”

And this is where it gets interesting — and maybe offline, too. Rimasauskas submitted to banks “forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the victim companies, and which bore false corporate stamps embossed with the victim companies’ names,”  to justify “the large volume of funds that were fraudulently transmitted via wire transfer.”

Prosecutors say the scheme dates back to “from at least in or about 2013” until Oct. 2015. They say that, even though much of the money was immediately wired away into “different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong” much of the funds have been recovered.

Rimasauskas was arrested “late last week by authorities in Lithuania on the basis of a provisional arrest warrant,” prosecutors say, causing the indictment to be unsealed. The case has been assigned to U.S. District Judge George Daniels.


Rimasauskas is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at

Latest Podcasts