5 of the Worst Phishing Attacks of All Time

Everyone has experienced a phishing attack at some point in their lives, whether via text, email or social media. Hackers have always found new ways to steal data and money.

No one is safe from phishing attacks; even the biggest corporations in the world sometimes fall victim. It is often the case that the larger the company, the more damage is done.

We look back at some of the most damaging phishing scams of all time.


Ubiquiti Networks loses £32 million to CEO Fraud (2015)

In CEO fraud, a cybercriminal poses as the CEO of a company and asks an employee to handle an urgent money transfer. Employees tend to act quickly when they believe they are dealing with an important figure in the company.

In 2015, an employee at Ubiquiti Networks in California was involved in one of the worst CEO fraud cases of all time, costing the company $39 million as a direct result of the scam.


Austrian aeronautics company loses £34 million to CEO Fraud (2016)

In another case of CEO fraud, the Austrian company Fischer ACC fell victim to a similar scam. A criminal posing as the company’s CEO sent an email requesting a transfer of £43 million. The employee, keen to please their boss, sent the money quickly, and it went straight to the criminals’ bank account.

Around £8 million was recovered once other employees realised the money was missing.


When fake invoices cost Google and Facebook over £100 Million (2013-2015)

In 2017 a Lithuanian man named Evaldas Rimasauskas managed to steal close to £100 million simply by sending Google and Facebook fake invoices asking for money, and somehow it worked.

Google and Facebook, being some of the largest companies on the planet, have massive financial departments that handle thousands of transactions every day. This makes it easy for a few outsiders to slip through the cracks.

If there is any lesson to learn from this, it is that training your employees to spot scam emails is essential, as failing to do so could lose you millions.


Colonial Pipeline loses up to £2.7 Billion (2021)

In May 2021, millions of Americans experienced first-hand the damage that cyber-attacks can cause, after fuel supplier Colonial Pipeline was crippled by a ransomware attack.

Although ransomware was responsible for much of the damage, the attackers were only able to plant the malicious software after gaining access to an employee’s password.

Colonial Pipeline paid £3.5 million for the decryption key, but this was just the start. The company was shut down for a week, which resulted in 20 billion gallons of oil not being delivered, worth approximately £2.7 billion. It also left 10 thousand petrol stations without oil for a week.


The phishing attack that took down Ukraine’s power grid (2015)

The most famous phishing attack of all time is the one that took down Ukraine’s power grid in 2015, leaving hundreds of thousands of people without electricity during a cold winter’s night.

A hacker managed to take control of the power operator’s computer and turn off the power for over 230,000 residents, leaving them without heating or electricity. Hackers also disabled backup supplies, leaving the operators in the dark.

Ukraine pointed the finger at Russia. That has never been proven, but given the long-standing tension between the two countries and the lack of financial motivation, it isn’t a far-fetched claim.


How could these have been prevented?

If these stories are anything to go by, training your staff is incredibly important to your business’s safety and security. This is where simulated phishing comes in. By training your staff with fake scam emails, you can identify weak points and educate your employees on what to look out for when dealing with scam emails.

To find out more about simulated phishing, go to our website and get in touch – Simulated Phishing Campaigns | Genmar IT
