Google and Facebook have been revealed as the victims of a Lithuanian fraudster, who allegedly used an email phishing scam to trick the US tech giants out of over $100 million.

According to an indictment released by the US Justice Department last month, 48-year-old Evaldas Rimasauskas from Vilnius began contacting the accounting departments of the two companies in 2013, using convincing fake email addresses and letterheads to impersonate Quanta Computer, a large Taiwanese tech parts supplier used by both Google and Facebook. The indictment referred to the two victims only as Company-1 and Company-2. Using “forged invoices, contracts, and letters,” Rimasauskas persuaded the companies’ employees to wire millions of dollars intended for real purchases to impostor accounts actually owned by him. He then stashed the massive sums in banks all over Eastern Europe.

It is unclear how soon the victims noticed they were missing millions of dollars or when they alerted the authorities, but according to American investigators, Rimasauskas was able to get away with the scam until 2015. Both Google and Facebook say that investigators were able to trace the money, and most of it has been returned.

“We detected this fraud against our vendor management team and promptly alerted the authorities. We recouped the funds and we’re pleased this matter is resolved,” said Google in a statement.

Facebook said it had “recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation.”

Despite the first sealed indictment coming against Rimasauskas last December, he was only arrested in Lithuania this month. He is now facing wire fraud, money laundering, and identity theft charges that could land him in prison for decades. The accused insists he is innocent and vows to fight extradition to the US.

“Mr. Rimasauskas cannot expect a fair and impartial trial in the USA. The uncertainty is further increased taking into account the behavior of FBI agents during the interrogations of Mr. Rimasauskas, frightening him with long years in US prisons, and the transfer of computers to US law enforcement officials, which was made without the presence of the owner,” Linas Kuprusevicius, Rimasauskas’ lawyer, wrote to Fortune on Thursday, after it broke the story about the identities of the victims.

Last June, the FBI reported that companies had been defrauded out of $3.1 billion over the previous 18 months. Among the most common methods were hacking a CEO’s account and then impersonating him to internally order a wire transfer to the fraudster’s account, directly contacting a bank from a compromised account, posing as an attorney, or impersonating a foreign company, as in the Rimasauskas case.

Individual victims may be subjected to less personalized attacks, such as being redirected to a fake website to make a supposedly legitimate payment, or being asked to provide their credit card details after being sent a fake email that appears to be from their bank.