Don’t Take the Click Bait
Welcome to the third installment of EMPIST’s Spooky Cyber Stories in honor of National Cybersecurity Awareness Month. This week, we are introducing the Phishing Phantom. The Phishing Phantom catches its victims off guard, invoking an urgent response that could cost them everything. Keep reading as we dive into some of the worst phishing attacks to date.
The scariest part about phishing attacks is they are happening constantly. In fact, in 2018, phishing & fraud increased within the last 3 months of the year, jumping over 50% from the annual average. With an estimated 14.5 billion spam emails sent every day, your chances of getting a visit from the Phishing Phantom is alarmingly high.
The Big Phish Phry
The first phishing attack we are going to cover is Operation Phish Phry of 2009. This scam was the biggest international phishing attack ever witnessed by the FBI. By sending people a fraudulent bank email, hackers were able to access the accounts of hundreds of people, stealing 1.5 million dollars. Later, nearly 100 hackers were arrested in parts of the US and Egypt for their involvement in the phishing attack.
Sony Pictures Gets Hooked
It was 2014 when the Phishing Phantom struck Sony Pictures. With the use of social engineering, hackers sent company employees a slew of phishing emails asking them to open infected attachments. Since the emails appeared genuine, several Sony employees reciprocated the phishing requests and opened the phishing flood gates.
During the Sony phishing attack, the company lost over 100 terabytes of data, and damages totaled around $100 million. Get the picture?
The Walter Stephan Crisis
Austrian aerospace executive Walter Stephan didn’t see this career-changing phishing attack coming. As the CEO of FACC, an email from Stephan to any employee wouldn’t be ignored. Knowing this, without even hacking the company’s system, hackers created a look-alike email address to match Stephan’s.
After setting up the spoofed email address, they sent out an email to an entry-level employee to transfer a large amount of money to a random bank account for a special project. Just like that, nearly $47 million was gone, and Stephan’s lost his position as FACC’s CEO.
Targeted by the Phishing Phantom
In 2013, this popular data breach hit the news. Target was caught up in a data breach affecting 110 million users, with 41 million of their retail credit cards exposed. This phishing attack was planned out very carefully. Instead of hitting Target directly, the cybercriminals went after a third-party vendor. Knowing this HVAC company shared access to Target’s servers, it was an easy hook. Once the phishing scam was sent to the HVAC company, their server was compromised, and access to Target’s information was readily available.
Surviving a Phishing Attack
There are so many preventative things you can do to combat a phishing attack. However, the most important thing you can do is educate yourself and your team on the warning signs of a phishing attack and the safety habits for phishing prevention. To learn more about our baseline phishing test, click here.