The biggest Phishing Scams of the last decade
Keyboard with red key epresenting Cyber Security
October 15, 2021

October is Cybersecurity Awareness Month, so it’s almost mandatory to explore one of the biggest cyber threats known to date. Phishing scams are amongst the greatest cyber security threats that businesses and organizations face today. 75% of organizations around the world experienced some kind of Phishing scam in 2020. According to the FBI, there were nearly 11 times more phishing complaints in 2020 than in 2016. Phishing attacks are only rising with the increase in remote work. The attacks are becoming popular because they are easy for hackers to conduct and can potentially lead to large payouts. Phishing scams can lead to devastating costs for many parties involved. Below we will examine some of the biggest and most costly phishing scams that have happened in the last decade.

 

1. FACC

In January of 2016, FACC, an Austrian Aerospace and Defense company lost around €50 million from an email phishing scam. The scam was believed to be a Business Email compromise scheme, in which the attackers impersonate a finance official in the company and attempt to trick the email receiver into transferring a large amount of money into the attackers’ account. After the loss, FACC decided to vote off their CEO as a consequence, and also fire their Chief Financial Officer. It is unclear what their roles were exactly in this scam, but it is evident that the consequences of falling for such a phishing scam can be very severe and detrimental – not only financially.

 

2. Sony Pictures

In November of 2014, Sony Pictures was hacked by a group called “The Guardians of Peace”. Numerous consequences occurred; one of them being that 100 Terabytes of unreleased data and pictures were leaked. CEO of Cylance, a large computer security firm, stated that the hacking group was able to infiltrate Sony’s system through phishing scams they planted months earlier. Employees of Sony Pictures, including the CEO, received ID Verification emails that appeared to be from Apple. Once Sony was hacked, the attackers also demanded Sony to withdraw their movie “The Interview” which was a comedy about a planned assassination of Kim Jong-un, the North Korean leader at the time. Many cinemas refused to screen the film as the group also threatened terrorist attacks at the openings. It is difficult to calculate the full scope of damages of this phishing attack, but the estimated costs to the company were over $100 million.

 

3. Facebook and Google

Between 2013 and 2015, over $100 million was stolen from Facebook and Google through another clever phishing scam. The hackers created fake email accounts which looked like they were sent by employees of Quanta, an infrastructure supplier in Taiwan that both Facebook and Google worked with. The hackers then sent phishing emails with fake invoices to financial officers at Facebook and Google who were used to conducting such large transactions. Once the scam was eventually discovered, both companies took legal action and the hacker was identified as Evaldas Rimasauskas, a Lithuanian man who was then sentenced to 5 years in prison.

 

4. Colonial Pipeline

The most recent and largest phishing scam occurred earlier this year, in May 2021 to Colonial Pipeline in the U.S. Although Colonia Pipeline was hit with ransomware, the attackers only gained access through an employee’s email which was most likely accessed through a phishing attack, as the U.S. government believes. The exact source of the attack is still being investigated. It is impossible to determine how costly the cyber-attack really was, as effects have been felt in many countries that dealt with Colonial Pipeline and are still being uncovered. The company has already paid $4.4 million to the hackers. As the organization provided half of the oil supply to the U.S.’ east coast, the effects were felt publicly when gas prices soared after Colonial Pipeline was shut down for two weeks.

 

Phishing scams are not going anywhere, and the best way to stop and detect them is through your front-line employees. Regular phishing training should be conducted to help employees become aware of the severity of the attacks, as well as to know what to look for in everyday emails.

 

By: Joanna Ambros, MBA

 

You May Also Like…

0 Comments

Submit a Comment

Your email address will not be published.

Solutions to Grow Your Business

We've got you covered with our comprehensive portfolio of solutions.

Cybersecurity Solutions

Cyber Incident ​Response
Endpoint Detection and Response (EDR)
Extended Detection and Response (XDR)
Firewall Security
Mail Security
Penetration Testing Services
Security Baseline Assessment
User Defence
Vulnerability Detection Response
Wi-Fi Security

Backup & Recovery Solutions

Hybrid Backup
Enterprise Backup
Mail Archiving

Helpdesk & Field Services Solutions

Monitoring and Management Solutions

Professional Services & Consulting Solutions

Public and Private Cloud Solutions

Azure Management and Monitoring
Microsoft 365 Administration
Private Cloud
Microsoft CSP

Your Partner in Digital Transformation

Helping the Next Generation of MSP and IT Solution Providers Transform and Grow

businessmans handshake

Partnership Overview

Jolera’s partner program offers flexibility to engage with us on your terms. We have spent more than two decades building award-winning best in class partner enablement and turnkey end-customer solutions for you.

progress

Partner Program

Jolera has three partner programs to choose from: Select, Preferred and Premier.

Learn About Us and The Legacy We Have Created

At Jolera, we treat each MSP partner with specialized care. With more than 20 years of IT experience, we offer the latest technology to navigate cloud, security, endpoint, and storage needs.

vintage pocket watch vintage background concept

About Us

Jolera is widely recognized as a global managed services leader. We started as managed services provider over 20 years ago and have been at the forefront of managed services innovation ever since.

progress

Our People

As a service provider our main goal is to make the customer happy. For that final goal, we need passionate and happy people working with us – Our People Are Our Biggest Asset.

progress

Our Leaders

We are performance driven at the core - tying together best of breed technology and industry leading expertise with pragmatic processes built to deliver outcomes.

Meet Our Leaders!