8 Devastating Phishing Attack Examples (and Prevention Tips)
What are Phishing Attacks?
Phishing is a cyber threat that involves sending malicious messages designed to trick victims into disclosing sensitive information or to distribute malware, such as ransomware, into a victim's infrastructure. It is the most common form of social engineering. According to research from Verizon, phishing is involved in 36% of successful data breaches.
Phishing attacks are becoming more sophisticated and often create a convincing mirror version of a target website, encouraging victims to provide their credentials and allowing attackers to monitor everything they do on the site.
We’ll cover some of the most devastating phishing attacks in recent years, including the Google/Facebook attack that resulted in $87 million in losses, and the Colonial Pipeline attack that shut down oil production on the U.S. east coast.
Phishing Attacks: Real-Life Examples
1. Google and Facebook Phishing Attack
Between 2013 and 2015, a phishing campaign caused Facebook and Google losses of $100 million. The attackers took advantage of the fact that both companies had a Taiwanese supplier called Quanta. The attackers sent a series of fake invoices, pretending to be from Quanta, and the invoices were paid by Facebook and Google.
Eventually, the fraud was discovered, and Facebook and Google took legal action. The attackers were arrested in Lithuania and extradited to the U.S. Facebook and Google were able to recover $49.7 million of the $100 million stolen.
2. Colonial Pipeline Phishing Attack
In 2021, fuel supplier Colonial Pipeline was hit hard by a ransomware attack. The organization paused operations after its business networks and billing systems were compromised by attackers. The attack had a large impact on the U.S. economy, with nearly half of the U.S. East Coast oil supply shut down for a week.
In this attack, most of the financial damage was due to ransomware: the company paid $4.4 million in ransom. However, phishing appears to have been the vector the attackers used to gain access to Colonial Pipeline systems. U.S. government reports about the attack suggested that phishing is the method commonly used by the DarkSide gang responsible for the attack.
3. Elara Caring Phishing Attack
In 2020, U.S. healthcare provider Elara Caring was subjected to a phishing attack that targeted two employees.
With only these two compromised targets, attackers gained access to employee email accounts and compromised the personal information of more than 100,000 elderly patients, including names, dates of birth, financial information, banking information, social security numbers, driver's license numbers and insurance information. The attackers maintained unauthorized access for a week before Elara Caring identified and contained the breach.
4. Levitas Capital Phishing Attack
In 2020, a whaling attack was conducted against the co-founder of the Australian hedge fund Levitas Capital. The co-founder received an email containing a fake Zoom link. When he clicked the link, malware was deployed on the hedge fund's corporate network, generating fraudulent invoices of nearly $8.7 million.
The actual financial losses from the attack were $800,000, but the attack also damaged the hedge fund’s reputation, causing them to lose their biggest client and shut down operations.
5. USPS Phishing Attack
In 2020, a smishing campaign used the United States Post Office (USPS) as a front for an attack. Cybercriminals sent SMS messages that told recipients they should click a link to view important information about an upcoming USPS delivery. The malicious link actually took victims to various web pages designed to steal their Google account credentials.
6. Spectrum Health Phishing Attack
In 2020, Spectrum Health System, a healthcare organization, reported a phishing attack involving a patient who received a call from an individual masquerading as an employee. The attackers aimed to extract personal data from Spectrum Health's patients and members, including member ID numbers and other personal health data associated with the account.
Spectrum Health reported that attackers used tactics such as flattery and intimidation to force victims to pass on data, money, or access to personal devices.
7. U.S. Interior Department Phishing Attack
In 2020, attackers breached the U.S. Department of the Interior's computer systems. Hackers used the evil twin phishing technique, in which individuals are tricked into connecting to a fake Wi-Fi access point controlled by an attacker. This technique allowed the attackers to steal credentials and gain access to the department's Wi-Fi network.
Further investigation revealed that the department did not operate within a secure wireless network infrastructure. In addition, the department did not implement its internal network security requirements, including strong user authentication, regular network security testing, and network monitoring.
8. Crelan Bank Phishing Attack
Crelan Bank in Belgium was the victim of a business email compromise (BEC) scam, which resulted in damage of more than $75 million. In this type of attack, phishers compromise the accounts of senior corporate executives and instruct employees to send money to accounts controlled by the attackers. The Crelan Bank phishing attack was discovered during an internal audit. The organization could not recoup the loss.
Phishing Attacks Prevention and Protection
Employee Awareness Training
Phishing attacks target employees of all types. It is critical to teach employees to identify indicators of phishing attacks and to understand the various phishing strategies so they know how to avoid them. Your employee awareness training should also include clear guidelines explaining how to report suspicious incidents.
Deploy Email Security Solutions
Email filtering solutions help protect against malware and other malicious payloads delivered by email. The solution scans emails and looks for malicious attachments or links, suspicious language, and spam content. Once the solution detects a threat, it automatically blocks and quarantines the suspicious emails, using sandboxing technology to check whether they contain malicious code.
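The following added example (not code from this article or from any email security product) sketches three header and link checks of the kind such a filter applies: a sender domain that nearly matches a known vendor, a Reply-To that diverts replies to another domain, and link text that names one host while pointing at another. The `TRUSTED` allowlist, the 0.85 similarity threshold, and all domains are assumptions; the sample message is constructed.

```python
import email, email.policy, re
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser

TRUSTED = {"supplier.example"}  # assumed allowlist of known vendor domains
HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?].*)?")
# Constructed sample message (not taken from any incident on this page).
SAMPLE = """\
From: Accounts <billing@suppl1er.example>
Reply-To: payments@mailbox.example
Content-Type: text/html; charset="utf-8"

<p>Pay at <a href="https://pay.invalid/login">portal.supplier.example</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(header):
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def findings(raw, trusted=TRUSTED):
    msg = email.message_from_string(raw, policy=email.policy.default)
    sender, reply, out = domain_of(msg["From"]), domain_of(msg["Reply-To"]), []
    for t in sorted(trusted):  # near-miss of a known vendor domain
        if sender != t and SequenceMatcher(None, sender, t).ratio() >= 0.85:
            out.append(f"lookalike-sender:{sender}~{t}")
    if reply and reply != sender:  # replies diverted to another domain
        out.append(f"reply-to-mismatch:{reply}")
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:  # visible host differs from real target
        shown, real = HOSTLIKE.fullmatch(text.lower()), HOSTLIKE.fullmatch(href.lower())
        host = real.group(1) if real else ""
        if shown and shown.group(1) != host:
            out.append(f"link-mismatch:{shown.group(1)}->{host}")
    return out
```

Any finding is a reason to quarantine the message for review rather than a verdict on its own; production filters combine such signals with SPF, DKIM and DMARC results and attachment sandboxing.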
Make Use of Endpoint Monitoring and Protection
Cloud services and personally owned devices introduce an increasing number of new endpoints beyond the traditional perimeter. Threat actors can exploit these insecure endpoints to break into the connected network. Endpoint monitoring and protection extend visibility beyond the traditional perimeter to detect and respond to endpoint threats and quickly remediate compromised devices.
Conduct Phishing Attack Tests
Phishing attack tests are simulations that help evaluate the effectiveness of your security awareness training programs. They involve simulating a phishing attack to check whether users can flag and report it as per the organization’s policies.
The simulation helps determine who can spot suspicious messages and who cannot. Insights from this test can help train end users to better spot and report attacks and ensure they are kept informed of the latest phishing strategies.
Limit User Access to High-Value Systems and Data
In general, phishing attacks attempt to trick users of all levels. However, the higher the privileges, the more attractive an account. It is possible to mitigate this risk by restricting access to data and systems. You can also employ the principle of least privilege to give users only the privileges required to perform their job. Limiting user access can help prevent unauthorized actions or data leakage.