5 biggest phishing attacks in world history

From 2013 to 2015 these two behemoths got phished for at least $100 million each. “How”, you ask? A Lithuanian man orchestrated a fraudulent scheme designed to deceive these companies. He impersonated a large Asian company named Quanta and took advantage of the fact that both Facebook and Google were clients of Quanta. He sent fake invoices and forged contracts which were then signed by executives. They managed to get away with it for two years. The Phisher was arrested in 2017 and was extradited to the USA where he was sentenced to 5 years in a federal prison.

During the fall of 2014 hackers gained access to Sony Pictures Entertainment. At first it was thought that the company was compromised due to phishing attacks directed at system engineers and network administrators where they had to verify their Apple accounts. It is then suspected that the attackers tried to get inside counting on the employees using the same password for their company accounts (which is not unusual). However, later was discovered that the attackers first got in through spear phishing followed by the forged Apple mails. The perpetuators stole more than 100 Terabytes worth of data and later crippled Sony’s PCs with malware that erased the machines’ hard drives. The loss is estimated to be more than $100 million.

Yes. Even blackouts can be the result of a sophisticated phishing attack towards a company. In 2015 Ukrainian power plant operators fell victim to spear phishing emails. The cybercriminals then gained access to the systems and uploaded malware. This malware, called “KillDisk” had a huge impact on the industrial control systems causing not only power outages, but it also slowed down the restoration process. These repercussions for not having the adequate measures to counter phishing were previously only imagined to be fiction and not even possible in real life.

While there may not have been any damage - unlike the Ukrainian one - this one still serves as a warning towards everyone. In 2016, according to a report from the US Department of Homeland Security, several organisations in the energy, aviation, construction, nuclear and even critical manufacturing sectors were affected by an attack orchestrated by Russian hackers. However, these attacks were not sent by the Russians but rather small companies that these larger companies trusted. The hackers had infiltrated the smaller companies through phishing and then took advantage of said trust to phish the bigger fish.

This last one could have had an enormous impact. Twitters’ cybersecurity is usually really tight, because they keep a close eye on inconsistencies, especially from celebrities. Nonetheless, Twitter also suffered from a phishing attack last year. Reportedly, somebody was impersonating an employee asking for new credentials because he or she forgot theirs. When the attacker got in, he was able to access popular Twitter accounts such as Barack Obama’s and Kanye West’s and post that their followers should send them bitcoins. The impersonator promised to double them if they did. Twitter had to take drastic measures and temporarily shut down all verified accounts till the exposed employee account was found. Since the incident Twitter has upgraded their security and permissions policy. They even train their employees to identify phishing and stop it.

When criminals stepped out of the boundaries of pickpocketing and other physical atrocities, they got familiar with the digital world. That’s when they started to exploit vulnerabilities in operating systems and other technological advances. Nowadays however, these vulnerabilities have been discovered and are ever so rare. They had to get creative and go back to their old ways of manipulating unknowing victims to get access to their bounties. And that’s how phishing was born. The abovementioned attacks are just the biggest phishing attacks in the history of phishing attacks. We have mentioned regular phishing and spear-phishing; these are the most popular phishing attacks. However, we also have CEO-fraud, Whale-phishing, smishing and vishing and a lot more that ends with -ishing. The core will always be to try to get your personal details for evil purposes.

Upgrade your security. Even for smaller companies, cybersecurity is of utmost importance. There are different ways of preventing such things from happening, but the most efficient way is by training your colleagues. It is so much easier to fall prey to phishing than you think. Let your employees know of the dangers of phishing and how to recognize them. However, we can also help you. We can offer you phishing attack training and train your employees by sending them simulations of would-be phishing e-mails and teach them what to do if they do happen to fall prey to phishing.