They had allegedly been tricked into wiring more than $100m to the alleged scammer's bank accounts.
On 27 April, Fortune reported that the two victims were Facebook and Google.
The man accused of being behind the scam, Evaldas Rimasauskas, 48, allegedly posed as an Asia-based manufacturer and deceived the companies from at least 2013 until 2015.
"Fraudulent phishing emails were sent to employees and agents of the victim companies, which regularly conducted multimillion-dollar transactions with [the Asian] company," the US Department of Justice (DOJ) said in March.
These emails purported to be from employees of the Asia-based firm, the DOJ alleged, and were sent from email accounts designed to look like they had come from the company, but in fact had not.
The DOJ also accused Mr Rimasauskas of forging invoices, contracts and letters "that falsely appeared to have been executed and signed by executives and agents of the victim companies".
"We detected this fraud against our vendor management team and promptly alerted the authorities," a spokeswoman for Google said in a statement.
"We recouped the funds and we're pleased this matter is resolved."
However, the firm did not reveal how much money it had transferred and recouped.
Nor did Facebook - but a spokeswoman said: "Facebook recovered the bulk of the funds shortly after the incident and has been cooperating with law enforcement in its investigation."
Big firms targeted
"Sometimes staff [at large firms] think that they are defended, that security isn't part of their job," said James Maude at cyber-security firm Avecto, commenting on the phishing threat facing big companies.
"But people are part of the best security you can have - that's why you have to train them."
He also told the BBC that Avecto's clients have recounted phishing attempts that used senior staff's hacked email accounts to convince employees that a request to wire out money was genuine.
The sophistication of phishing scams has increased lately, according to a recent Europol report.
"CEO fraud" - in which executives are impersonated by the scammer - was a particular worry.
"The request is usually time-sensitive and often coincides with the close of business hours to make verification of the request difficult," the report explained.
"Such attacks often take advantage of publicly reported events such as mergers, where there may be some degree of internal flux and uncertainty."
In order to avoid succumbing to such fraud, firms are advised to carefully verify new payment requests before authorising them.