In the ever-evolving landscape of cybersecurity threats, phishing attacks stand out as one of the most prevalent and insidious forms of cybercrime. Over the years, we’ve witnessed a plethora of phishing attacks targeting individuals, businesses, and even governments.
In this blog post, we’ll delve into the details of the top 10 famous phishing attacks that have left an indelible mark on the world of online security, revealing the tactics employed, the damage caused, and the lessons learned.
10 Phishing Attacks You Should Know
There have been far too many cyber attacks to cover them all at once, so I have picked 10 of the most expensive and famous phishing attacks of all time.
10. Ubiquiti Networks
In 2015, Ubiquiti Networks fell victim to one of the worst CEO frauds of all time. CEO fraud is not a common type of phishing attack, yet it is very effective.
In CEO fraud, attackers pose as a senior executive of the company in order to obtain sensitive information or have employees transfer money. Eager to impress their seniors, employees tend to share all the details without further delay.
An employee at Ubiquiti Networks fell victim to such a scam resulting in a loss of 39 million dollars.
9. FACC
FACC, an Austrian aerospace parts manufacturer, suffered a substantial loss to a business email compromise (BEC) scam. In 2016, the company disclosed that a phisher, pretending to be the CEO, directed an employee in the accounting department to transfer $61 million to a bank account controlled by the attacker.
The organization’s decision to terminate and pursue legal action against its CEO and CFO was uncommon. The company claimed $11 million in damages from the two executives for their failure to adequately implement security controls and internal supervision that could have thwarted the attack. This legal action highlighted the personal liability that executives face for neglecting “due diligence” in cybersecurity.
8. Ukrainian Power Grid Blackout
On December 23, 2015, approximately 225,000 Ukrainian citizens faced a power outage at home due to an unexpected mass blackout. The blackout resulted from spear-phishing emails that delivered malware through Microsoft Office documents.
Although the outage lasted only about an hour, the electricity had to be manually restored, and the automatic management mode had to be turned off for an extended period due to the power grid’s firmware being infected with BlackEnergy malware designed to sabotage the grid.
What exacerbated the situation was the revelation, upon investigation, that the blackout was merely a trial run. Cybersecurity researchers later discovered that the BlackEnergy malware was easily adaptable and not limited to Ukraine.
This meant that the malware could potentially be used on various electric utilities and components to automate similar attacks across multiple countries. The researchers speculated that the hackers used Ukraine as a testing ground to develop and evaluate a platform for future attacks.
Although only 225,000 people lost access to electricity for an hour, this event deeply unsettled the cybersecurity world, demonstrating the potential for cyberattacks to affect people on a large scale.
7. Hillary Clinton Campaign Email Leak
It’s easy to feel like 2016 was 20 years ago, especially with the non-stop news cycle. The Hillary Clinton email breach of 2016 was one of the incidents that fueled the intense news coverage.
The content of the emails is not important to us, but the way they were obtained is relevant to this article. The method used was deceptively simple: someone sent an email to John Podesta, the Clinton campaign chairman, urging him to change his compromised Gmail password. A staff security member confirmed that this was a good idea and provided Podesta with a Google link to do so.
Instead, Podesta or whoever was managing his Gmail account clicked on the suspicious shortened link in the original email. Changing the password through the provided link actually gave the passwords to hackers pretending to be from Google. The rest is history.
The same method was used to hack Colin Powell’s emails at the Democratic National Convention.
6. Amazon Locky Ransomware Attack
In 2017, Amazon customers were targeted in a large-scale phishing attack. Depending on the source, the May 17 attack involved sending out anywhere from 30 million to 100 million fraudulent emails.
Pretending to be genuine Amazon shipping notifications, they were actually used to distribute ransomware to the recipients’ devices. It still stands as one of the largest phishing attacks in terms of sheer size.
The attack was quite sophisticated. The hackers altered the header to make the email look genuine. The email appeared to be from email@example.com and the subject line read “Your Amazon.com order has dispatched (#code).” However, the email contained no body, only a Microsoft Word file.
A curious person who downloads the file may be prompted to enable macros in order to open it, which would then allow Locky ransomware to be downloaded and installed on their device. Following this, the user would be required to pay a ransom ranging from $250 to $500 to regain access to their device. Amazon never disclosed the number of users impacted by this attack.
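The traits described above (no message body, a lone Word attachment, a macro prompt) are things a mail gateway can check for. The following is an added example, not code from the original post: a Python triage sketch whose function names, finding labels, sender address and sample message are all constructed for illustration, and which only inspects zip-based Word files.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

WORD_EXTS = (".doc", ".docm", ".docx", ".dotm")

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip-based) Word file contains a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # legacy OLE .doc is not a zip; it needs a separate parser

def triage(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    word_parts = [p for p in msg.iter_attachments()
                  if (p.get_filename() or "").lower().endswith(WORD_EXTS)]
    findings = []
    if word_parts and not text:
        findings.append("empty-body-with-word-attachment")
    for part in word_parts:
        if has_vba_project(part.get_payload(decode=True) or b""):
            findings.append("macro-project:" + part.get_filename())
    return findings

def build_sample(body: str, macro: bool) -> bytes:
    """Constructed test message; the attachment is an inert zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<constructed/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"  # constructed sender
    msg["Subject"] = "Your Amazon.com order has dispatched (#code)"
    if body:
        msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="order-constructed.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("", macro=True)))
```

A finding here is a reason to quarantine and inspect, not proof of malice; legitimate senders also mail macro-enabled documents.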
5. RSA Security
A well-timed and meticulously crafted phishing email can deceive anyone. This was demonstrated in the RSA Security hack of 2011, where network security experts contracted by the US Defense department to provide security solutions fell for a phishing email themselves.
Very little is known about the information disclosed in the RSA breach, and understandably, the company and the US Defense department have kept details about the breach under tight wraps. However, as a hack that penetrated the experts themselves, the RSA security breach has become one of the most well-known phishing scams.
4. The Nordea Bank Incident
In 2007, the Swedish bank Nordea lost more than 7 million kronor to phishers who successfully sent fake emails to bank customers, tricking them into installing the “haxdoor” Trojan disguised as anti-spam software.
McAfee, a digital security company, dubbed it the “biggest ever online bank heist.” Nordea customers received phishing emails with Trojan viruses that installed a keylogger on their computers. The victims were then directed to a fake bank website where hackers intercepted their login credentials.
While the exact blame can’t be reliably placed, it is worth noting that the majority of customers did not have a functioning antivirus installed on their machines.
3. Belgian Bank Scam
Phishing scams target businesses worldwide, with banks and other institutions conducting high-value financial transactions being prime targets.
While fraud checks and anti-phishing staff training are common in most banks, employees can still inadvertently expose money to cyber criminals.
Belgian bank Crelan became the target of such an attack, in which a phishing email convinced an employee to send over €70 million to unknown bank accounts – a mistake they’re not likely to repeat.
2. Sony Pictures
In November 2014, the criminal hacking group ‘Guardians of Peace’ released approximately 100 terabytes of data from Sony Pictures, a film studio. The attackers had set up their trap months in advance, as stated by Stuart McClure, the CEO of the computer security firm Cylance, who analyzed the leaked data.
McClure discovered that numerous high-ranking Sony executives, such as CEO Michael Lynton, were targeted with phishing emails that seemed to be from Apple. These emails requested ID verification and then directed the recipients to a fake website where their login details were captured.
The attackers used this information to access a large amount of data, including information about Sony Pictures employees and their families, private correspondences, and details about unreleased films. To make matters worse, the attackers also used a version of the Shamoon wiper malware to delete Sony’s computer infrastructure.
However, this seemed to be just the beginning of the fraudsters’ real intention. The perpetrators, later linked to a state-sponsored North Korean group, insisted that Sony pull its movie The Interview, a comedy about a scheme to assassinate the North Korean leader, Kim Jong-un.
They also threatened terrorist attacks at cinemas that screened the film, leading to many cinema chains choosing not to show it.
Given the unusual nature of the incident, determining the exact damages is challenging. However, Jim Lewis, a senior fellow at the Center for Strategic and International Studies, approximated that it cost Sony Pictures over $100 million (about €80 million at the time).
1. Facebook and Google
Between 2013 and 2015, two major tech firms were defrauded of $100 million (about €90 million at the time) through a fake invoice scam. The perpetrator, Evaldas Rimasauskas, targeted both companies, knowing they utilized the services of the Taiwanese infrastructure supplier Quanta Computer.
Over two years, he sent fraudulent multimillion-dollar invoices, complete with seemingly authentic contracts and letters bearing the forged signatures of Facebook and Google executives and agents.
Although the scam was eventually uncovered, legal action by Facebook and Google only managed to recover just under half of the stolen funds. Rimasauskas was apprehended, extradited from Lithuania, and subsequently sentenced to prison in December 2019.
As we reflect on these infamous phishing attacks, it becomes evident that cybersecurity is an ongoing battle that requires continuous adaptation and vigilance.
Understanding the tactics employed by cybercriminals, learning from historical incidents, and implementing robust security measures are essential in safeguarding against the ever-present threat of phishing attacks.
By staying informed and proactive, individuals and organizations can better protect themselves in the complex and dynamic digital landscape.