Top 5 Most Devastating Phishing Attacks Of All Time

by Diana Panduru | October 6, 2021 | Cybersecurity

You might think you’ll dodge the hook. What are the odds of a phisher picking on your company, right? But, with such devastating phishing attacks hitting massive organizations, can you really afford to take the risk of relying on luck?

Let’s take a look at the five most ravaging, spine-chilling phishing scams ever.

What is Phishing?

Phishing is a cyberattack in which cybercriminals pretend to be a reputable entity or person and use various online communication channels to distribute malicious links or attachments. These can perform a variety of functions, but all to a single end: stealing the victim’s data for financial gain.

This type of online fraud relies on subtle and cunning social engineering strategies that let cybercriminals leverage human trust to steal the victim’s sensitive data, which is a lot easier than breaching a computer’s or a network’s defenses.

Such attacks are increasingly popular because of how easy they are to conduct and their potential to net the scammers a good payout.

Most Devastating Phishing Attacks Of All Time

1. FACC (€42 million)

The attack happened in January 2016, when an employee at the Austrian aerospace parts manufacturer FACC received an email asking the organization to transfer €42 million to another account for an “acquisition project.”

The perpetrator pretended to be the company’s CEO, Walter Stephan. Unfortunately, the employee failed to recognize the scam and complied with the request. Although the organization didn’t give away many details about what happened, it’s safe to say that Stephan was at least partly at fault: he was fired following an internal investigation after having “severely violated his duties.” FACC also fired its chief financial officer.

The company sued the executives, but the Austrian Court dismissed the lawsuit.

2. Crelan Bank (€75.6 million)

Only a month after the FACC attack, the Belgium-based Crelan Bank became a victim of a similar CEO fraud phishing scam. The threat actor spoofed the email account of the firm’s CEO and contacted an employee, asking them to transfer money into an account managed by the attacker. The incident resulted in losses of €75.6 million, although that may include recovery expenses.

3. Sony Pictures (€80 million / approx. $100 million)

In November 2014, the ironically named ‘Guardians of Peace’ cybercriminal group stole and leaked a reported 100TB of data from the film studio Sony Pictures.

According to Stuart McClure, the CEO of computer security firm Cylance, who analyzed the stolen data, the scammers had thrown the bait months earlier. McClure discovered that many Sony executives, including CEO Michael Lynton, received phishing emails pretending to come from Apple. The email asked the targets to verify their username and password by entering them on a bogus credential-stealing website.

With this information, the scammers stole a significant amount of data, including details about Sony Pictures employees and their families, private correspondences, and information regarding then-unreleased movies.

The threat actors, who were linked to a state-sponsored North Korean group later on, asked Sony not to release a movie called The Interview, a comedy about a plan to assassinate Kim Jong-un, the North Korean leader.

They went as far as threatening terrorist attacks at cinemas if the film were screened. This caused many cinema chains to refuse the movie.

Jim Lewis, a senior fellow at the Center for Strategic and International Studies, estimated that Sony Pictures suffered damages worth more than $100 million (about €80 million at the time).

4. Facebook and Google (€90 million/$100 million)

Between 2013 and 2015, the two tech giants were scammed out of $100 million after falling for a fake invoice phishing scam.

A Lithuanian man, Evaldas Rimasauskas, took advantage of the fact that both companies use Quanta Computer, a Taiwanese infrastructure supplier. He then sent them fake multimillion-dollar invoices impersonating the supplier over two years, complete with contracts and letters that seemed to be approved and signed by Facebook and Google executives and agents.

Facebook and Google eventually discovered the outrageously long-lived phishing scam and took legal action. They managed to recover less than half of the stolen money. Rimasauskas was arrested and deported from Lithuania. Two years ago, he was sentenced to five years in prison.

5. Colonial Pipeline (undisclosed)

On May 7 of this year, the attackers compromised the company’s billing system, rendering it unable to bill its customers, which was why the pipeline operations had to be shut down.

The criminal group stole almost 100 gigabytes of data, threatening to publish it online unless the ransom was paid. The company paid nearly 75 bitcoins within hours after the attack, equivalent to almost $4.4 million.

Joe Biden, the U.S. president, declared a state of emergency on May 9 in an attempt to alleviate shortages by removing restrictions concerning fuel transportation by road.

The attack was linked to a group called DarkSide, first noticed in August 2020, located in Eastern Europe. They stated on May 9, avoiding directly mentioning the ransomware attack, that “our goal is to make money, and not creating problems for society.”

After a six-day halt, the pipeline’s operations were restarted on May 12. However, Colonial Pipeline stated that various markets supplied by the company would continue experiencing intermittent service disruptions during the restart. The pipeline operations were fully restarted by May 15.

Despite the authorities’ best efforts, 10,600 gas stations were still out of fuel as of May 18.

The head of Colonial Pipeline, Joseph Blount, stated on June 8 that the hackers compromised their systems and caused such massive disruptions in their operations using one password.

CEO Joseph Blount acknowledged the financial damages to the broader U.S. economy in an interview with The Wall Street Journal, in which he explained his decision to pay the ransom.

“I know that’s a highly controversial decision,” he said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country.”

The combined damage to Colonial Pipeline and the U.S. economy makes this attack by far the most expensive of all time.

Your Employees – Your Company’s Last Line Of Defense

As these catastrophic phishing scams demonstrate, human error is the most significant danger your company constantly faces. Over one billion phishing emails are sent out each day, and many of them bypass security filters. Thus, you need to be able to rely on your employees to stay vigilant and spot phishing scams.

To prevent such nasty incidents from happening, implement security awareness training in your company.

You need security awareness training for your employees for many reasons:

  • To prevent cyberattacks and breaches
  • To strengthen your technological defenses
  • To attract more customers
  • To make you more socially responsible
  • To empower your employees
  • To meet compliance standards
  • To prevent downtime and maintain a good reputation

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Devastating phishing attacks happen all the time, so stay safe with ATTACK Simulator.

Put your employees to the test with our free security awareness training trial and find out if they’d take the bait! The results might shock you.


Feature Image: By Mohamed Hassen on Pixabay

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.
