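Introduction: Google and Facebook recently disclosed that they were the victims of an earlier internet financial fraud case and that they have now recovered the money they lost. That two top internet companies fell for such a scheme is undeniably somewhat ironic. Let's look at how it happened.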
In March, it was reported that a Lithuanian man had been charged over an email phishing attack against "two US-based internet companies" who were not named at the time.
They had allegedly been tricked into wiring more than $100m to the alleged scammer’s bank accounts.
On 27 April, Fortune reported that the two victims were Facebook and Google.
The man accused of being behind the scam, Evaldas Rimasauskas, 48, allegedly posed as an Asia-based manufacturer and deceived the companies from at least 2013 until 2015.
"Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company," the US Department of Justice (DOJ) said in March.
These emails purported to be from employees of the Asia-based firm, the DOJ alleged, and were sent from email accounts designed to look like they had come from the company, but in fact had not.
The DOJ also accused Mr Rimasauskas of forging invoices, contracts and letters "that falsely appeared to have been executed and signed by executives and agents of the victim companies".
"We detected this fraud against our vendor management team and promptly alerted the authorities," a spokeswoman for Google said in a statement.
"We recouped the funds and we’re pleased this matter is resolved."
However, the firm did not reveal how much money it had transferred and recouped.
Nor did Facebook - but a spokeswoman said: "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation."
"Sometimes staff [at large firms] think that they are defended, that security isn’t part of their job," said James Maude at cyber-security firm Avecto, commenting on the phishing threat facing big companies.
"But people are part of the best security you can have - that’s why you have to train them."
He also told the BBC that Avecto’s clients have recounted phishing attempts that used senior staff’s hacked email accounts to convince employees that a request to wire out money was genuine.
The sophistication of phishing scams has increased lately, according to a recent Europol report.
"CEO fraud" - in which executives are impersonated by the scammer - was a particular worry.
"The request is usually time-sensitive and often coincides with the close of business hours to make verification of the request difficult," the report explained.
"Such attacks often take advantage of publicly reported events such as mergers, where there may be some degree of internal flux and uncertainty."
In order to avoid succumbing to such fraud, firms are advised to carefully verify new payment requests before authorising them.