Email Security Blog

7 of the Biggest Phishing Scams of All Time

Being duped. It’s one of the more sickening feelings you can ever have. With it comes anger, embarrassment, and generally, more anger. In the best-case scenarios, you might only be duped out of concert tickets or even the last cup of coffee. But imagine being duped out of hundreds of millions of hard-earned dollars, by a cybercriminal whose identity you may never even know. Take a moment to familiarize yourself with some of the biggest phishing scams of all time, and then consider how an ounce of prevention might save your company from ever making this list.

  1. Sony Pictures. A series of spear-phishing emails sent to Sony employees set this security breach into motion. After researching employee names and titles on LinkedIn, hackers posed as company colleagues, sending malicious emails containing malware to unsuspecting employees. In the end, more than 100 terabytes of company data were stolen, including newly released files, financial records, and customer data. All told, this phishing attack cost Sony more than $100 million.1
  2. Google and Facebook. When giants in the tech field fall prey to cybercrime, heads turn. In this instance, a business email compromise (BEC) campaign that began with one phishing email turned into a money-making scheme that lasted for years. Posing as a computer parts vendor, this hacker sent a series of fake invoices between 2013 and 2015, which were paid by the companies. More than $100 million was paid out, though in the end the cybercriminal behind the scam was found in Lithuania, arrested, and extradited to the U.S. where he is serving five years in federal prison.2,3
  3. The Ukrainian Power Grid Attack. In December of 2015, as a result of a phishing email sent to a power plant employee, hackers were able to attack the Ukrainian electric utility company and force a blackout. What was most worrisome about this security breach was the fact that it marked only the second time in history that a malicious email contained malware that can automate a major power outage.4
  4. Upsher-Smith Laboratories. In another case of CEO impersonation, hackers were able to convince this drug company’s accounts payable department to make nine wire transfers which totalled more than $50 million. Upsher-Smith Laboratories is seeking damages from the bank that handled the transfers, which reportedly missed “multiple red flags”, including one transfer with a beneficiary named “Sunny Billion Limited”.5
  5. Ubiquiti Networks. Using employee and CEO impersonation for this phishing scam, hackers were able to steal $46.7 million from the tech company. The spear-phishing emails tricked employees into providing the usernames, passwords and account numbers necessary for the hackers to transfer funds out of a Ubiquiti subsidiary in Hong Kong to the hackers’ overseas accounts.6
  6. Crelan Bank. Belgium’s Crelan Bank was taken for $75.8 million in a CEO fraud attack. This well-known cyberattack began with a phishing email directed at the organization’s finance department. The criminals posed as the CEO and directed the finance department to wire tens of millions of dollars overseas. Crelan Bank discovered this particular attack – also known as Business Email Compromise (BEC) – after an internal audit flagged the large transfers. Initially, Crelan Bank suspected internal fraud, though it didn’t take long for the phishing attack to surface. Sadly, the phishers in this case were never brought to justice and remain unknown.7
  7. Colonial Pipeline. Though this $5 million phishing attack may not be one of the most expensive in history, it quickly showed consumers in the U.S. how damaging and far-reaching phishing attacks can be. Colonial Pipeline transports more than 100 million gallons of fuel each day to cities throughout the eastern half of the United States. The company is also the primary source of gasoline, diesel, and jet fuel for cities on the East Coast. After a ransomware attack in May 2021, the company’s four main pipelines had to be shut down, igniting a widespread fuel shortage that lasted for weeks.8

Since 2015, the amount of money lost to cybercrimes has more than tripled.9 In fact, the FBI reported that in 2020, business email compromise (BEC) scams alone cost U.S. companies more than $1.8 billion.9 The best way to protect yourself from becoming a victim of cybercrime – regardless of your company’s size – is to have the very best and brightest prevention measures in place. INKY, the preferred anti-phishing solution for hundreds of companies nationwide, is relentlessly effective. INKY detects and blocks things virus protection software cannot. It is also uniquely intelligent, using real-time learning to understand sender and user profiles and prevent phishing. INKY® is also simple to set up and integrates seamlessly with any email platform. Its powers go well beyond that of virus protection software, keeping companies like yours safe and secure.


INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security program, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.