Google and Facebook have confirmed that they fell victim to an alleged $100m (£77m) scam.
In March, it was reported that a Lithuanian man had been charged over an email phishing attack against “two US-based internet companies” who were not named at the time.
They had allegedly been tricked into wiring more than $100m to the alleged scammer’s bank accounts.
On 27 April, Fortune reported that the two victims were Facebook and Google.
“We detected this fraud against our vendor management team and promptly alerted the authorities,” a spokeswoman for Google said in a statement.
“We recouped the funds and we’re pleased this matter is resolved.”
However, the firm did not reveal how much money it had transferred and recouped.
Nor did Facebook – but a spokeswoman said: “Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”
Big firms targeted
“Sometimes staff [at large firms] think that they are defended, that security isn’t part of their job,” said James Maude at cyber-security firm Avecto, commenting on the phishing threat facing big companies.
“But people are part of the best security you can have – that’s why you have to train them.”
He also told the BBC that Avecto’s clients have recounted phishing attempts that used senior staff’s hacked email accounts to convince employees that a request to wire out money was genuine.
The sophistication of phishing scams has increased lately, according to a recent Europol report.
In order to avoid succumbing to such fraud, firms are advised to carefully verify new payment requests before authorising them.