Man stole $122m from Facebook and Google by sending them random bills, which the companies dutifully paid

Originally published at:


It’s illegal in the UK and in various american states, but in some states of the USA it is perfectly (!) legal to send an invoice or a bill for services you have not provided in any way. Big companies do not always check. People make a living doing that. It shocked me when I found this out.


Google and Facebook? Ah, an amateur’s mistake. While they do have a lot of money to keep track of, they’re greedy like dragons and will eventually notice.

Rather than doing some jail time, if he’d done that properly with the US military, he could have been a respected Republican or Centerist Democrat supporter.


Wouldn’t it be more clever to just steal like 1 to 10 millions instead of >100? I mean, at some point it will become too obvious …


I routinely get fraudulent SEO spam about “renewing service” when my domain names are up for renewal. One stood out recently because of its enchantingly desperate subject line “Pay Attention

It’s formatted as a bill, with fake account numbers and what not (they have my real name and address from the WHOIS database), and it’s headed “Domain Service Expiration Notice”, though it doesn’t say what service. It threatens “account suspension (making it difficult for your customers and friends to locate you, using search engines on the web)”. And then, in a separate sentence, it says “You must renew your domain name to retain exclusive rights to it on the Web [sic].” Which is true, of course, except this email is nothing to do with that. The truly precious part is the fine print, in light grey 4-point text on a white background (emphasis added):

This Email contains information intended only for the individuals or entities to which it is addressed. If you are not the intended recipient or the agent responsible for delivering it to the intended recipient, or have received this Email in error, please notify immediately the sender of this Email at the Help Center and then completely delete it. Any other action taken in reliance upon this Email is strictly prohibited, including but not limited to unauthorized copying, printing, disclosure, or distribution. We do not directly register or renew domain names. This is not a bill or an invoice. This is a optimization offer for your webside. You are under no obligation to pay the amount stated unless you accept this purchase offer. Promotional material is stricly along the guidelines oft he can-spam act of 2003. They are in no way misleading. You have received this message because you elected to recieve notificaton offers. [Unsubscribe here] if you no longer wish to receive our notifications. Thank you for your cooperation.

The author (who I picture as the character “Funny Feet” from the underrated 1997 movie Mimic) is clearly too excited by its own amateur-lawyer cunning to type straight. If it weren’t too pathetic for anyone to bother suing, I would pay cash money to watch this individual defend itself in court.


I have a hard time with

“stole” from google and FB

in the context of these companies (and most BiggerThanLife-companies in general) how they get “their” money.


At the contrary, he should have stolen much more. Enough that the companies were willing to drop any charges in exchange for getting most of it back. Or he should have moved to a country with no extradition treaty with USA. The latter is probably simpler.


When is he joining the Trump administration?


Didn’t some guy try suing a company like this a few years ago? I can’t seem to find the story now but I think I remember it.

As for getting these kind of emails, you need WHOIS privacy and they will go away. A registrar like Namecheap will bundle it to you for free when you get a domain from them.


I feel like small portion of that belongs to me for my stolen information.


Get yourselves a decent finance software package and some people you can trust. This can’t and doesn’t happen. Lazy, cheap a$$holes.




There’s an app for that.

1 Like

I’d be very interested in the particulars (out of curiousity, not as a possible business venture), because it just sounds specious. With this case in particular, there was overwhelming evidence of fraud and his intent to defraud.

I hope you’re not proposing that if Rimasauskas had simply promoted his scheme from a certain US state (rather than Lithuania), he would not have been prosecuted.


Right? I mean if you’re gonna defraud a corporation … those are definitely the ones to go for. Amazon too, maybe.


Well if it from Mar-a-lago, it would be perfectly fine.


I sure hope so

As for getting these kind of emails, you need WHOIS privacy and they will go away.

It’s irrelevant for spam (nearly all uses leaked or guessed addresses). I’ve always used my own details for because if someone wants to find out where I live, they will, and I’m not going to feed their fantasy that it makes them clever. Plus, when I first registered it decades ago, registrars were still charging for DNS “privacy”, and I wasn’t going to pay for it.

1 Like

By any chance a mustachioed gentleman?



Take the money- and run! it’s a two step process.

He should have cashed out at $50 million and retired to Argentina as Juan Rodriguez. Get those papers in order ahead of time - and start transferring to bearer bonds!

Don’t get greedy - you make yourself the mark then.