Email Security Blog

Big Phish: Strategies Behind the Largest Phishing Attacks of All Time

Striking it rich usually takes a lot of luck. It’s been known to happen with the right Mega Millions ticket, the perfect Vegas slot machine, and the savviest stock investment. The problem with all of these get-rich-quick-schemes is that the odds of hitting it big can literally be 1 in 300,000,000. In the world of cybercrime, there are much easier ways of bringing in a big score.

In 2019, the FBI’s cybercrime unit fielded and average of 1,300 complaints a day.1 Considering that 91% of cyberattacks start with a phishing email,2 and that Business Email Compromise (BEC) alone account for $1.7 billion in stolen revenue, it’s clear hackers prefer phishing to gambling.

So, how much money can a skilled cybercriminal make? Let’s take a look at some of the largest email phishing disasters, how they were pulled off, and how lucrative they were.






Business Email Compromise (BEC), fake invoices and contracts



Business Email Compromise (BEC), Fake invoices and contracts


Crelan Bank

Whaling attack email, CEO Impersonation


FACC (Austria)

Business Email Compromise (BEC), CEO Impersonation


Upsher-Smith Laboratories

Phishing emails, legal and CEO Impersonation


Ubiquiti Networks

Social Engineering


Leoni (Germany)

Spear Phishing and Whaling Attack


Xoom Corporation

Business Email Compromise (BEC) wire transfer


Pathé (France)

Business Email Compromise (BEC) wire transfer


Technimount spA

CEO Impersonation


The Scoular Company

Spear Phishing


MacEwan University

A phishing email, vendor payment scam






In order to identify, prevent, and stop phishing attacks of this, or any size, you need a third party’s assistance. INKY offers a relentlessly effective level of email security, capable of detecting and stopping every type and size of phishing threats. Aside from the phishing tactics mentioned above, INKY’s Phish Fence can spot hidden text, zero fonts, brand forgery, domain spoofing, account takeovers, and threats no one has ever seen before. That’s because INKY provides a level of ingenuity that is unlike other email security platforms. Using computer vision, artificial intelligence, and machine learning, INKY sees things the way humans do, recognizing logos, brand colors, email signatures, and more — but it also sees the millions of things humans can’t, spotting imposters by as little as a pixel. INKY is also compatible with every email platform, installing in no time.

If you’d like to learn more about the strategies behind the largest phishing attacks of all time, take a few minutes to review INKY’s on-demand webinar, entitled “90% Isn’t Enough”. You’ll see why settling for an email security platform that catches “most” phishing threats can be a very costly mistake.

Or, if you’d like to see INKY in action, schedule a free demonstration.


INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.