The Department of Justice on Tuesday reported the arrest of a Lithuanian man, who allegedly conned employees at two U.S. tech firms into making $100 million in bank transfers to a phony supplier.
In a press release describing the arrest, the agency said 48-year-old Evaldas Rimasauskas used email to impersonate a real Asian supplier, and tricked them into wiring money to a bank account he controlled.
To make the scheme more convincing, Rimasauskas also used forged invoices that appeared to be from the tech company executives, and created fake corporate stamps with the companies’ names.
The Justice Department did not, however, name the two companies but instead described one as a “multinational technology company, specializing in Internet-related services and products” and the other as “a multinational corporation providing online social media and networking services.”
The agency also said both are headquartered in the U.S., and that the supplier (which Rimasauskas impersonated) is an “Asian-based manufacturer of computer hardware [that] provides goods and services to various technology companies around the world.”
Get Data Sheet, Fortune‘s technology newsletter.
There are few U.S. tech companies that both match the descriptions above and that regularly make bank transfers worth tens of millions to Asian suppliers—but none have publicly acknowledged being victim of such a scam, which allegedly occurred between 2013 and 2015.
According to the Justice Department, Rimasauskas quickly wired the stolen funds he received into other banks around the world, including in Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.
Joon H. Kim, the Acting U.S. Attorney for the Southern District of New York, suggested that a good part of the money has been recovered.
“We thank the companies and their banks for acting quickly, coming forward promptly, and cooperating with law enforcement; it led not only to the charges announced today, but also the recovery of much of the stolen funds,” Kim said in a statement.
Rimasauskas has been charged with money laundering, wire fraud and aggravated identify theft, and could face decades in prison if the is convicted.
For more about hacking, watch:
Tuesday’s announcement also points to the ongoing problem of cyber crooks running email-based “phishing scams,” which are hard to defend against because the fake emails appear to come from someone the victim knows and trusts. Earlier this month, the cybersecurity company FireEye reported that email scammers were targeting corporate lawyers and compliance officers with emails that appeared to be from the Securities and Exchange Commission.