Top Ten Phishing Scams

April 25, 2017 by Chiragh Dewan


Dyre Phishing Scam

In October 2014, the Dyre banking malware, also known as Dyreza, infected more than 20,000 people via phishing campaigns and was used to steal more than $1 million from targeted organizations. The campaigns varied from target to target in their attachments, themes, payloads and exploits. Most of the emails posed as coming from a tax consultant, with the intent of getting the victim to download a malicious .exe file.

IBM Security identified the campaign as a threat and noted that the social engineering was sophisticated enough that victims were willing to hand over the second factor of their two-factor authentication.

Affected Systems: Microsoft Windows

The malware was designed to capture user login information, including credentials for online banking services, and send the captured data to the attackers. In a few cases a PDF file was also used in an attempt to exploit unpatched vulnerabilities in Adobe Reader. Some victims also reported that a new screen would appear whenever they tried to open a banking site. The page explained that the site was experiencing problems and that the victim should call the number provided to get help logging in. By the time the call ended, the attackers had used the details given over the phone to push through a wire transfer.

Operation Phish Phry

In 2009, nearly 100 people were charged in the U.S. and Egypt over this phishing operation, which had started in 2007. The attackers targeted U.S. banks, stole $1.5 million, and victimized more than 500 people.

The financial institutions affected were Bank of America and Wells Fargo. Attackers in Egypt sent fake emails to victims, disguising themselves as the bank and urging the victims to update their online banking information. The emails led to a fake bank website that prompted the victims for an account number and password.

On the U.S. side, Kenneth Joseph Lucas, Nichole Michelle Merzi and Jonathan Preston Clark recruited people to open accounts at Bank of America and Wells Fargo. The attackers in Egypt would then log in to the victims' accounts and wire funds to these mule accounts. The money was later withdrawn and wired on to the attackers in Egypt, with the U.S. participants keeping a commission.

Fake President Incident

In 2016, the Austrian aerospace parts maker FACC fired its then CEO, Walter Stephan, after the company suffered a cyber-attack in which $47 million (42 million euros) was stolen.

The fake email asked an employee to transfer money to an account for a (fake) acquisition project. Since the company had no protocol in place for verifying such requests, the transfer went through. The company was, however, able to stop a further transfer of 10.9 million euros.

The email was reported to be a copy of a legitimate business email, with the attackers impersonating the company's CFO (Chief Financial Officer) and spoofing the company's domain name. The money was transferred to banks in Slovakia and Asia.

RSA Phishing Attack

In 2011, RSA reported that it had suffered a data breach in March as the result of a spear phishing attack. The attack exploited an unpatched Adobe Flash vulnerability (CVE-2011-0609), which resulted in a backdoor known as Poison Ivy being installed on the compromised machine.

The email contained a single line of text: "I forward this file to you for review. Please open and view it." The subject line read "2011 Recruitment Plan" and the attached file was titled "2011 Recruitment plan.xls."

The attacker sent two different phishing emails over two days. They went to four people who would not normally be categorized as high-value targets. Data was stolen from systems at RSA, transferred to a staging server and then moved out to the attacker, who used FTP to transfer many password-protected RAR files.

Milwaukee Bucks Phishing Scam

In 2016, the Milwaukee Bucks fell for a phishing scam that compromised the team's financial data. After receiving an email impersonating the team's president, Peter Feigin, an employee sent out the 2015 tax details for all Bucks employees, including players.

The breach took place in April 2016 but was not discovered until May of that year. The compromised records included player and staff financial details, names, addresses, Social Security Numbers, dates of birth and total compensation packages.

The email address used to send the email was: peterfeigin69@aol.com

Swedish Bank Heist

In 2007, the Swedish bank Nordea lost about $1.1 million in a phishing scam. The scam ran for over 15 months, during which bank customers were lured into opening email attachments titled "raking.exe" or "raking.zip." The attachments were passed off as anti-spam software (the irony was not lost on anyone) but contained a Trojan called "haxdoor.ki."

Approximately 250 bank customers were said to be affected. "Haxdoor.ki" typically installs a keylogger and hides itself using a rootkit. The Trojan was designed so that whenever the victim attempted to use the banking website, they were presented with a fake bank page.

The victims were asked to enter personal information such as account numbers, usernames and passwords; once entered, an error page was shown claiming the site was facing technical difficulties. The attackers kept individual transfers small, making the fraudulent transactions hard to distinguish from legitimate activity.

IMF Data Leak

In 2011, the IMF (International Monetary Fund) was hit by a major cyber-attack. Officials said the hack was designed to install software that would create a "digital insider presence." The exact damage was never disclosed, but given the type of information the IMF holds, any stolen data would have been highly sensitive.

Bloomberg reported that the attack was conducted by hackers "believed to be connected to a foreign government" and resulted in the loss of emails and documents. The only details released came from an internal memo sent by the Fund's CIO, which stated that suspicious file transfers had taken place and that the investigation showed a desktop had been compromised and used to access some Fund systems.

Iranian Elections Hack

In 2013, thousands of Gmail accounts belonging to Iranian users were targeted over several weeks around the time of the elections, suggesting that the attacks were politically motivated and intended to influence the vote.

The emails sent to users were described as an attempt to trick the victims into giving up their usernames and passwords.

The emails purported to come from Google administrators, using the address email.settings@gmail.com, and contained a link to a fake sign-in page asking for the user's Gmail credentials.

The White House Bombing Hoax

In 2013, an Associated Press Twitter account was compromised through a common phishing attack. The consequences, however, were severe. A tweet sent from the hacked account claimed that an explosion had taken place at the White House and that the then president, Barack Obama, had been injured. The message reached the more than 1.9 million people who followed the account at the time.

The tweet briefly wiped $136.5 billion off the value of the S&P 500 index. A group calling itself the Syrian Electronic Army claimed responsibility for the hoax.

AP's main Twitter handle was compromised when an AP journalist opened a phishing e-mail and clicked a link in it. The story was quickly proved false and the market recovered its losses, but the fear remained.

Snapchat Data Leak

In 2016, Snapchat's payroll department was targeted by an email phishing scam. The attacker impersonated the CEO (Chief Executive Officer) and asked for employee payroll information. Information about some current and former employees was disclosed; almost 700 people are said to have been affected.

Back in 2014, around 200,000 user photos were leaked through vulnerabilities in unofficial third-party apps. In the 2016 incident, however, Snapchat stated that no user data was affected.


In 2013, the usernames and phone numbers of almost 4.6 million Snapchat users were leaked and posted temporarily on a website.
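The FACC, Milwaukee Bucks and Snapchat incidents above share one pattern: an email whose display name matches a real executive but whose sending address does not belong to the organization, either a free-mail account (the Bucks case used peterfeigin69@aol.com) or a spoofed lookalike of the company domain (the FACC case). The check below is an added example written for this article, not code from any of the organizations involved. It parses the From and Reply-To headers of constructed sample messages and flags exactly those indicators. The organization domain example-team.com, the executive directory and the sample messages are all constructed placeholders.

```python
"""Executive-impersonation (BEC) triage for inbound mail headers.

Added example for this article, not code from any organization named in it.
All domains, addresses and messages below are constructed placeholders.
"""
import unicodedata
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example-team.com"                      # assumed internal domain (placeholder)
EXECUTIVES = {"peter feigin": "pfeigin@example-team.com"}  # constructed directory
FREEMAIL = {"aol.com", "gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
LOOKALIKE_MAX_DISTANCE = 2


def normalize_name(name):
    """Fold case, strip accents and punctuation so display-name variants compare equal."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    kept = "".join(c if c.isalnum() or c.isspace() else " " for c in folded.lower())
    return " ".join(kept.split())


def levenshtein(a, b):
    """Edit distance; used to catch typo-squatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(raw_message):
    """Return a list of tagged findings for one RFC 822 message (empty list = nothing suspicious)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings = []

    # 1. Display name matches a known executive but the address is not their real one.
    expected = EXECUTIVES.get(normalize_name(display))
    if expected and addr != expected:
        findings.append(f"exec-name-mismatch: '{display}' sent from {addr}, expected {expected}")
        if domain in FREEMAIL:
            findings.append(f"freemail-sender: executive name on free-mail domain {domain}")

    # 2. Sender domain is a near miss of the organization's own domain (spoofed lookalike).
    if domain and domain != ORG_DOMAIN and levenshtein(domain, ORG_DOMAIN) <= LOOKALIKE_MAX_DISTANCE:
        findings.append(f"lookalike-domain: {domain} resembles {ORG_DOMAIN}")

    # 3. Replies are silently redirected to a different mailbox than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        findings.append(f"reply-to-mismatch: From {addr} but Reply-To {reply_to}")

    return findings


# Constructed sample messages (not real mail).
SAMPLE_FREEMAIL_IMPERSONATION = """From: "Peter Feigin" <peterfeigin69@aol.com>
To: payroll@example-team.com
Subject: 2015 tax details

Please send me the 2015 tax details for all staff today.
"""

SAMPLE_LOOKALIKE_DOMAIN = """From: "Finance Director" <cfo@example-teem.com>
To: accounts@example-team.com
Subject: Urgent acquisition payment

Wire the attached amount for the acquisition project this afternoon.
"""

SAMPLE_LEGITIMATE = """From: "Peter Feigin" <pfeigin@example-team.com>
To: payroll@example-team.com
Subject: Team lunch

Lunch is at noon on Friday.
"""

if __name__ == "__main__":
    for label, sample in [("freemail", SAMPLE_FREEMAIL_IMPERSONATION),
                          ("lookalike", SAMPLE_LOOKALIKE_DOMAIN),
                          ("legitimate", SAMPLE_LEGITIMATE)]:
        print(label, assess(sample) or ["clean"])
```

The three checks are independent, so a message can carry several findings; in practice the executive directory and internal domain would come from the identity provider rather than a literal, and the lookalike test should run against every brand domain the organization owns, not just the primary one.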

Chiragh Dewan

A creative, problem-solving full-stack web developer with expertise in information security audit, web application audit, vulnerability assessment and penetration testing/ethical hacking, as well as previous experience in artificial intelligence, machine learning and natural language processing. He has been recognised by companies including Facebook, Google, Microsoft, PayPal, Netflix and BlackBerry for reporting security vulnerabilities, and has given talks on artificial intelligence and cyber security, including at a TEDx event.