Email Security Blog

Big Phish: Strategies Behind the Largest Phishing Attacks of All Time

Striking it rich usually takes a lot of luck. It’s been known to happen with the right Mega Millions ticket, the perfect Vegas slot machine, and the savviest stock investment. The problem with all of these get-rich-quick-schemes is that the odds of hitting it big can literally be 1 in 300,000,000. In the world of cybercrime, there are much easier ways of bringing in a big score.

In 2019, the FBI’s cybercrime unit fielded and average of 1,300 complaints a day.1 Considering that 91% of cyberattacks start with a phishing email,2 and that Business Email Compromise (BEC) alone account for $1.7 billion in stolen revenue, it’s clear hackers prefer phishing to gambling.

So, how much money can a skilled cybercriminal make? Let’s take a look at some of the largest email phishing disasters, how they were pulled off, and how lucrative they were.

 

COMPANY

PHISHING TACTIC

TOTAL HEIST

Google

Business Email Compromise (BEC), fake invoices and contracts

$23,000,000

Facebook

Business Email Compromise (BEC), Fake invoices and contracts

$98,000,000

Crelan Bank

Whaling attack email, CEO Impersonation

$75,000,000

FACC (Austria)

Business Email Compromise (BEC), CEO Impersonation

$61,000,000

Upsher-Smith Laboratories

Phishing emails, legal and CEO Impersonation

$50,000,000

Ubiquiti Networks

Social Engineering

$47,000,000

Leoni (Germany)

Spear Phishing and Whaling Attack

$44,000,000

Xoom Corporation

Business Email Compromise (BEC) wire transfer

$31,000,000

Pathé (France)

Business Email Compromise (BEC) wire transfer

$21,000,000

Technimount spA

CEO Impersonation

$18,000,000

The Scoular Company

Spear Phishing

$17,000,000

MacEwan University

A phishing email, vendor payment scam

$12,000,000

Mattel

Ransomware

$3,000,000

 

In order to identify, prevent, and stop phishing attacks of this, or any size, you need a third party’s assistance. INKY offers a relentlessly effective level of email security, capable of detecting and stopping every type and size of phishing threats. Aside from the phishing tactics mentioned above, INKY’s Phish Fence can spot hidden text, zero fonts, brand forgery, domain spoofing, account takeovers, and threats no one has ever seen before. That’s because INKY provides a level of ingenuity that is unlike other email security platforms. Using computer vision, artificial intelligence, and machine learning, INKY sees things the way humans do, recognizing logos, brand colors, email signatures, and more — but it also sees the millions of things humans can’t, spotting imposters by as little as a pixel. INKY is also compatible with every email platform, installing in no time.

If you’d like to learn more about the strategies behind the largest phishing attacks of all time, take a few minutes to review INKY’s on-demand webinar, entitled “90% Isn’t Enough”. You’ll see why settling for an email security platform that catches “most” phishing threats can be a very costly mistake.

Or, if you’d like to see INKY in action, schedule a free demonstration.

----------------------

INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

1Source: https://www.fbi.gov/news/stories/2019-internet-crime-report-released-021120

2Source: https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html