Being duped. It’s one of the more sickening feelings you can ever have. With it comes anger, embarrassment, and generally, more anger. In the best-case scenarios, you might only be duped out of concert tickets or even the last cup of coffee. But imagine being duped out of hundreds of millions of hard-earned dollars by a cybercriminal whose identity you may never even know. Take a moment to familiarize yourself with some of the biggest phishing scams of all time, and then consider how an ounce of prevention might save your company from ever making this list.
- Sony Pictures. A series of spear-phishing emails sent to Sony employees set this security breach into motion. After researching employee names and titles on LinkedIn, hackers posed as company colleagues, sending malicious emails containing malware to unsuspecting employees. In the end, more than 100 terabytes of company data were stolen, including newly released files, financial records, and customer data. All told, this phishing attack cost Sony more than $100 million.1
- Google and Facebook. When giants in the tech field fall prey to cybercrime, heads turn. In this instance, a business email compromise (BEC) campaign that began with one phishing email turned into a money-making scheme that lasted for years. Posing as a computer parts vendor, this hacker sent a series of fake invoices between 2013 and 2015, which were paid by the companies. More than $100 million was paid out, though in the end the cybercriminal behind the scam was found in Lithuania, arrested, and extradited to the U.S., where he is serving five years in federal prison.2,3
- The Ukrainian Power Grid Attack. In December of 2015, as a result of a phishing email sent to a power plant employee, hackers were able to attack the Ukrainian electric utility company and force a blackout. What was most worrisome about this security breach was the fact that it marked only the second time in history that a malicious email contained malware that can automate a major power outage.4
- Upsher-Smith Laboratories. In another case of CEO impersonation, hackers were able to convince this drug company’s accounts payable department to make nine wire transfers which totalled more than $50 million. Upsher-Smith Laboratories is seeking damages from the bank that handled the transfers, which reportedly missed “multiple red flags”, including one transfer with a beneficiary named “Sunny Billion Limited”.5
- Ubiquiti Networks. Using employee and CEO impersonation for this phishing scam, hackers were able to steal $46.7 million from the tech company. The spear-phishing emails tricked employees into providing the usernames, passwords and account numbers necessary for the hackers to transfer funds out of a Ubiquiti subsidiary in Hong Kong to the hackers’ overseas accounts.6
- Crelan Bank. Belgium’s Crelan Bank was taken for $75.8 million in a CEO fraud attack. This well-known cyberattack began with a phishing email directed at the organization’s finance department. The criminals posed as the CEO and directed the finance department to wire tens of millions of dollars overseas. Crelan Bank discovered this particular attack (also known as Business Email Compromise, or BEC) after an internal audit flagged the large transfers. Initially, Crelan Bank suspected internal fraud, though it didn’t take long for the phishing attack to surface. Sadly, the phishers in this case were never brought to justice and remain unknown.7
- Colonial Pipeline. Though this $5 million phishing attack may not be one of the most expensive in history, it quickly showed consumers in the U.S. how damaging and far-reaching phishing attacks can be. Colonial Pipeline transports more than 100 million gallons of fuel each day to cities throughout the eastern half of the United States. The company is also the primary source of gasoline, diesel, and jet fuel for cities on the East Coast. After a ransomware attack in May 2021, the company’s four main pipelines had to be shut down, igniting a widespread fuel shortage that lasted for weeks.8
Since 2020, the amount of money lost to cybercrimes has more than quadrupled.9 In fact, the FBI reported that in 2024, business email compromise (BEC) scams alone cost U.S. companies more than $2.7 billion.9 The best way to protect yourself from becoming a victim of cybercrime, regardless of your company’s size, is to have the very best and brightest prevention measures in place. INKY, the preferred anti-phishing solution for hundreds of companies nationwide, is relentlessly effective. Powered by AI, INKY detects and blocks things virus protection software cannot. It is also uniquely intelligent, using real-time learning to understand sender and user profiles and prevent phishing. INKY® is also simple to set up and integrates seamlessly with any email platform. Its powers go well beyond that of virus protection software, keeping companies like yours safe and secure.
2. Source: https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html
4. Source: https://www.wired.com/story/crash-override-malware/
5. Source: https://www.fox9.com/news/ceo-spoofing-costs-drug-company-50-million
6. Source: https://money.cnn.com/2015/08/10/technology/ubiquiti-hacked/?iid=EL
9. Source: https://www.ic3.gov/Media/PDF/AnnualReport/2024_IC3Report.pdf