By Chris Baraniuk, Technology reporter
Google and Facebook have confirmed that they fell victim to an alleged $100m (£77m) scam.
In March, it was reported that a Lithuanian man had been charged over an email phishing attack against “two US-based internet companies” who were not named at the time.
They had allegedly been tricked into wiring more than $100m to the alleged scammer’s bank accounts.
On 27 April, Fortune reported that the two victims were Facebook and Google.
In a statement, Google said that it was one of the victims.
“We detected this fraud against our vendor management team and promptly alerted the authorities,” a spokeswoman said.
“We recouped the funds and we’re pleased this matter is resolved.”
However, the firm did not reveal how much money it had transferred and recouped.
Nor did Facebook – but a spokeswoman said: “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”
Big firms targeted
“Sometimes staff [at large firms] think that they are defended, that security isn’t part of their job,” said James Maude at cyber-security firm Avecto, commenting on the phishing threat facing big companies.
“But people are part of the best security you can have – that’s why you have to train them.”
He also told the BBC that Avecto’s clients have recounted phishing attempts that used senior staff’s hacked email accounts to convince employees that a request to wire out money was genuine.
The sophistication of phishing scams has increased lately, according to a recent Europol report.
In order to avoid succumbing to such fraud, firms are advised to carefully verify new payment requests before authorising them.
Source: http://www.bbc.co.uk/