Email Security Blog

5 of the Biggest Phishing Scams of All Time

Being duped. It’s one of the more sickening feelings you can ever have. With it comes anger, embarrassment, and generally, more anger. In the best-case scenarios, you might only be duped out of concert tickets or even the last cup of coffee. But imagine being duped out of hundreds of millions of hard-earned dollars, by a cybercriminal whose identity you may never even know. Take a moment to familiarize yourself with some of the biggest phishing scams of all times, and then consider how an ounce of prevention might save your company from ever making this list.

Sony Pictures

A series of spear phishing emails sent to Sony employees set this security breach into motion. After researching employee names and titles on LinkedIn, hackers posed as company colleagues, sending malicious emails containing malware to unsuspecting employees. In the end, more than 100 terabytes of company data was stolen, including newly released files, financial records, and customer data. All told, this phishing attack cost Sony more than $100 million.1

Google and Facebook

When giants in the tech field are fall prey to cybercrime, heads turn. In this instance, a business email compromise (BEC) campaign that began with one phishing email tuned into a money-making scheme that lasted for years. Posing as a computer parts vendor, this hacker sent a series of fake invoices between 2013 and 2015, which were paid by the companies. More than $100 million was paid out, though in the end the cybercriminal behind the scam was found in Lithuania, arrested, and extradited to the U.S. where he is serving five years in a federal prison.2,3

The Ukranian Power Grid Attack

In December of 2015, and as a result of a phishing email sent to a power plant employee, hackers were able to attack the Ukranian electric utility company and force a blackout. What was most worrisome about this security breach was the fact that it marked only the second time in history that malicious email contained malware that can automate a major power outage.4

Upsher-Smith Laboratories

In another case of CEO impersonation, hackers were able to convince this drug company’s accounts payable department to make nine wire transfers which totaled more than $50 million. Upsher-Smith Laboratories is seeking damages from the bank that handled the transfers, which reportedly missed “multiple red flags”, including one transfer with a beneficiary named “Sunny Billion Limited”.5

Ubiquiti Networks

Using employee and CEO impersonation for this phishing scam, hackers were able to steal $46.7 million from the tech company. The spear-phishing emails tricked employees into providing the usernames, passwords and account numbers necessary for the hackers to transfer funds out of an Ubiquiti subsidiary in Hong Kong to the hackers’ overseas accounts.6

Since 2015, the amount of money lost to cybercrimes has more than tripled.7 In fact, the FBI reported that in 2019, business email compromise (BEC) scams alone cost U.S. companies more than $1.7 billion.7 The best way to protect yourself from becoming a victim of cybercrime—regardless of your company’s size, is to have the very best and brightest prevention measures in place. INKY, the preferred anti-phishing solution for hundreds of companies nationwide, is relentlessly effective. INKY detects and blocks things virus protection software cannot. And, it is also uniquely intelligent—using real-time learning to understand sender and user profiles and prevent phishing. INKY® is also simple to set up and integrates seamlessly with any email platform. Its powers go well beyond that of virus protection software, keeping companies like yours safe and secure.

 

stimulus-phish-report-social

This blog was updated on August 31, 2021, and can be found here.

----------------------

INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

1Source: https://www.computerworld.com/article/2913805/sony-hackers-targeted-employees-with-fake-apple-id-emails.html

2Source: https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html

3Source: https://www.justice.gov/usao-sdny/pr/lithuanian-man-sentenced-5-years-prison-theft-over-120-million-fraudulent-business

4Source: https://www.wired.com/story/crash-override-malware/

5Source: https://www.fox9.com/news/ceo-spoofing-costs-drug-company-50-million

6Source: https://money.cnn.com/2015/08/10/technology/ubiquiti-hacked/?iid=EL