
Phishing incidents have been on the rise, and it's essential to be aware of the impact they can have. In 2013, a phishing attack on Yahoo Mail compromised 3 billion user accounts, exposing sensitive information.
The Yahoo breach was a massive one, but it's not the only example of a phishing incident's devastating effects. In 2017, a phishing attack on Uber compromised 57 million user accounts, leading to a significant loss of trust in the company.
The Uber breach was a wake-up call for the company, but it also highlighted the importance of robust security measures. In contrast, the 2013 LinkedIn breach resulted in 164 million user accounts being compromised, but it led to significant changes in the company's security practices.
Phishing incidents can have far-reaching consequences, from financial losses to damage to a company's reputation.
Discover more: 2022 Optus Data Breach
Notable Phishing Incidents
Phishing attacks have been a major threat to businesses and individuals alike, with millions of attempts made every day. In 2021, one in every 3,226 emails received by an executive was a whaling attack, which is a type of phishing attack aimed at high-profile targets like CEOs or top executives.
Whaling attacks rely heavily on advanced social engineering techniques, using highly personalized and convincing emails to trick leaders into authorizing large payments or sharing sensitive information. The stakes are high, with 59% of organizations reporting that at least one executive had been targeted.
In 2007, a global pharming attack targeted customers of more than 50 major financial institutions worldwide, including banks like Barclays, Bank of Scotland, PayPal, and American Express. The attack redirected users from legitimate banking websites to fraudulent replicas without their knowledge.
The Ukrainian power grid attack in 2015 was a high-profile case of a phishing attack on critical infrastructure. A phishing email enabled the attackers to access the network of Kyivoblenergo, a Ukrainian electricity distribution company, and force a blackout for over 200,000 customers.
The Crelan Bank whale phishing attack in 2016 resulted in a loss of €70 million, highlighting the vulnerability of even high-risk industries like financial institutions to phishing attacks. This attack underscores the importance of stronger endpoint security and DNS protection.
Spear phishing was also used in the Clinton Campaign Hack in 2016, which led to the leak of thousands of emails. Russian hackers used this tactic to access the email account of Hillary Clinton's campaign chairman.
Recommended read: Bank Phishing Scams
Email and SMS Scams
Email and SMS scams are a major threat to individuals and businesses alike. An estimated 3.4 billion phishing emails are sent daily across the globe, with cybercriminals using email phishing to impersonate legitimate companies or pretend to be someone familiar.
Adding layers like DomainKeys Identified Mail (DKIM) can significantly block phishing at the source. This can help protect your personal and financial information from falling into the wrong hands.
Smishing, or SMS phishing, is another type of phishing done through text messages to steal information or money. A zLabs Mishing Report reveals that India is the most vulnerable to smishing, with 37% of its population at risk, followed by the U.S. at 16% and Brazil at 9%.
A notable example of a business email compromise attack is the FACC incident, where an employee transferred an estimated $50 million to another account after receiving a seemingly routine email that appeared to come from the company's CEO.
Check this out: Phishing Vishing and Smishing
Email scams are a huge problem, with an estimated 3.4 billion phishing emails sent daily across the globe.
These emails often impersonate legitimate companies or pretend to be someone familiar, tricking victims into providing their login details.
Phishing emails can be very convincing, as seen in the case of the Lithuanian man who stole over $100 million from Facebook and Google by creating fake email accounts and sending carefully crafted phishing emails.
The scammer, Evaldas Rimasauskas, even managed to launder the money through banks in multiple countries, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.
In another case, an employee at FACC, an Austrian aerospace parts manufacturer, received an email that appeared to come from the company's CEO, asking for a transfer of $50 million as part of an "acquisition project."
SMS Scams
SMS scams are a serious threat to our personal and financial security. India is the most vulnerable to smishing, with 37% of its population at risk.
Smishing, or SMS phishing, is a type of phishing done through text messages. This type of scam is particularly effective, with the U.S. at 16% and Brazil at 9% also being at risk.
It's alarming to think that these scams can be so widespread, but being aware of the risks is the first step to protection.
Business Email Compromise
Business Email Compromise is a type of phishing attack where attackers impersonate executives or employees to trick victims into transferring money.
In 2016, Austrian aerospace parts manufacturer FACC fell victim to a financially damaging BEC attack, losing an estimated $50 million.
BEC attacks can be devastating, as seen in the case of Ubiquiti Networks, which lost $46.7 million in 2015 after attackers impersonated senior executives and tricked employees into sending wire transfers.
The scam targeted a Ubiquiti subsidiary in Hong Kong, where funds were transferred to third-party accounts in other countries.
In the case of Facebook and Google, a Lithuanian scammer tricked them into paying over $100 million for fake invoices between 2013 and 2015.
The scam exploited trust in vendor relationships and the companies' payment processes, with Google losing about $23 million and Facebook losing around $98 million.
To stay ahead of BEC attacks, it's essential to have strict protocols for financial transactions and awareness training for staff to identify and respond to such phishing attempts.
Social Media and Online Scams
Social media and online scams are a major threat to individuals and businesses alike.
In 2023, attacks targeting social media platforms accounted for 22.5% of all cyberattacks in Q4, showing a decrease in this threat vector.
Scammers have made it easier to create convincing scams by exploiting people's online behavior, such as sharing job promotions or getting new dogs on platforms like Facebook and Instagram.
A Lithuanian man named Evaldas Rimasauskas stole over $100 million from Facebook and Google by creating forged email accounts of Taiwan-based Quanta Computer.
Rimasauskas' scam involved sending fake invoices, contracts, and letters to employees at Facebook and Google, falsely billing them for millions of dollars over two years.
Broaden your view: Social Media Optimization
Between 2013 and 2015, Rimasauskas' scam tricked Facebook out of around $98 million and Google out of about $23 million.
In 2021, Facebook (now Meta) took legal action against a large-scale phishing operation that targeted millions of users across its platforms, including Facebook, Instagram, WhatsApp, and Messenger.
The operation involved creating over 39,000 fake login websites to steal users' credentials by impersonating legitimate social media services.
Malvertising and Data Breaches
Malvertising scams can be sophisticated and deceiving, as seen in the case of Lowe's employees being targeted by a Google ad phishing scam in mid-August 2024. The attackers created fake websites resembling the official "MyLowe'sLife" employee portal, likely generated using AI to avoid suspicion.
In the Lowe's scam, employees who searched for "myloweslife" saw multiple fake ads appearing above or alongside the legitimate site, which led to a phishing page to steal usernames and passwords.
Malvertising can also lead to data breaches, as seen in the Target data breach in 2013, where criminals used phishing emails to compromise a third-party vendor, resulting in the theft of 40 million customer credit card details.
Worth a look: Malvertising
The Target breach was a costly one, with the company losing over $162 million. The incident highlights the importance of being cautious with emails and verifying the authenticity of websites.
Attackers often use fake websites to steal sensitive information, and in the Lowe's case, they even redirected users to the real Lowe's portal to make the incident appear like a simple glitch.
Suggestion: Search for Websites That Link to My Website
Other Notable Incidents
The Sony Pictures Entertainment hack in 2014 is a prime example of a massive phishing attack. Hackers, believed to be from North Korea, used spear phishing emails to gain access to Sony's network, stealing sensitive data including unreleased films, employees' personal information, and corporate documents.
Sony faced estimated financial losses of $100 million and suffered severe reputational damage. The hack also led to the cancellation of the theatrical release of movies and the leakage of unfinished films.
In 2015, a Ukrainian electricity distribution company, Kyivoblenergo, was taken down in a cyberattack. A phishing email enabled the attackers to access the company's network, using malware known as BlackEnergy to attack the computer and SCADA systems, disconnecting 30 substations for three hours and leaving 230,000 customers without power.
Expand your knowledge: Google Films List
Sony Pictures Hack (2014)
The Sony Pictures Hack (2014) was a massive cyberattack that exposed the vulnerability of big companies to cyberattacks.
In November 2014, Sony Pictures Entertainment fell victim to a spear phishing email campaign carried out by nation-state actors, believed to be from North Korea.
The attack compromised Sony's network, allowing hackers to access sensitive data, including unreleased films, employees' personal information, and sensitive corporate documents.
Sony faced financial losses estimated at $100 million and suffered severe reputational damage.
The hack crippled Sony's operations, with nearly half of 6,800 personal computers and over half of its 1,555 servers wiped out or destroyed.
The company had to delay the release of the movie "The Interview", which cost them tens of millions of dollars in financial losses.
A total of 47,000 Social Security Numbers were leaked in the attack, causing considerable embarrassment and trust issues for Sony.
Sony had to spend a lot fixing their security and dealing with lawsuits from employees whose personal data was leaked.
Additional reading: 2021 FBI Email Hack
Ukrainian Power Grid Attack
The Ukrainian Power Grid Attack was a significant incident that highlighted the vulnerability of critical infrastructure to phishing attacks. In December 2015, a phishing email enabled the attackers to access Kyivoblenergo's network, leading to a blackout that affected 230,000 customers.
The attackers used malware known as BlackEnergy to target the company's computer and SCADA systems, disconnecting 30 substations for three hours. This was a major disruption to the power grid, and it's a stark reminder of the potential consequences of a successful phishing attack.
The attack was widely perceived as being carried out by the NotPetya scammers, and it's a high-profile case of a critical infrastructure target being compromised through phishing. The incident serves as a warning to organizations and individuals alike to be vigilant in their cybersecurity measures.
The attack on the Ukrainian power grid was a significant event that had far-reaching consequences, affecting almost half of the homes in the Ivano-Frankivsk region in Ukraine, which has a population of about 1.4 million.
See what others are reading: Azure Incident
Frequently Asked Questions
What are the five main types of phishing attacks?
The five main types of phishing attacks are Email Phishing, Spear Phishing, Whaling, Smishing and Vishing, and Angler Phishing, each targeting individuals through various channels. Understanding these types is crucial to protecting yourself from these sophisticated cyber threats.
What are the 6 most common phishing techniques in order?
Here are the 6 most common phishing techniques in order: Email phishing, spear-phishing, whaling, smishing and vishing, social media phishing, and application phishing. These tactics use various channels to trick victims into divulging sensitive information or installing malware.
What is an example of phishing in 2025?
In January 2025, scammers posed as Chase Bank via emails with links to fake login pages, stealing users' banking credentials. Be cautious of phishing attempts disguised as invoices or tax documents with suspicious links or attachments.
Featured Images: pexels.com


