Phishing is a popular internet scam that claims victims by the millions every year. It is often a precursor to a bigger, more dangerous attack, or it can be an end goal in itself. It is easy for hackers to execute, since baiting victims is more a psychological game than a technical one. For phishing, hackers use a variety of techniques, including email domain spoofing, infected email attachments, and dummy pages that farm user credentials. Using these, hackers launch and execute phishing campaigns that lead to full-blown internet scams. In this blog, we will look at some of the biggest internet scams caused by phishing. We will also look at an emerging technique that can potentially block all email phishing attacks.
4 biggest internet scams caused by phishing
Google and Facebook
A 50-year-old Lithuanian hacker once forced two tech giants, Google and Facebook, to pay him $123 million. For a span of 2 years between 2013 and 2015, the hacker, one Evaldas Rimasauskas, impersonated Quanta, a Taiwanese hardware vendor for both Google and Facebook. Evaldas had gone on to register a company with the same name in Latvia. Using fraudulent invoices, the hacker siphoned billing money from both tech giants into his own bank accounts in Cyprus and Latvia.
Evaldas was eventually found out, arrested, and jailed for 5 years in a federal prison in the USA. But only half of the stolen money was recovered.
Sony Pictures Entertainment
In 2014, Sony was working on a movie called The Interview, involving two journalists who receive an order to assassinate North Korea’s Kim Jong-Un.
North Korea had issues with the production of this movie and threatened to take serious action if Sony decided to go ahead with it. Shortly afterward, Sony fell victim to a big phishing scam run by a group of hackers who had branded themselves “the Guardians of Peace”.
This hacker group impersonated Sony employees by gleaning details off of their LinkedIn profiles, and then sent phishing emails from these impersonated email IDs.
With these successful phishing attacks, the Guardians of Peace gained access to Sony’s network and then leaked sensitive emails, financial records, some movies which were still to be released, and other materials that damaged the entertainment company. The malware also spread rapidly within the systems connected to the infected machine.
The company was reduced to a sorry state in which it had to fall back on fax machines and pen and paper for communication. Later it was discovered that the hackers didn’t just leak data; they had also stolen it for themselves and then released it publicly on the internet.
Once their dirty deeds were completed, the hacker group sent a message to Sony saying this was the price Sony would pay for going forward with the movie and that Sony had better not release it. The hacked data consisted of 38 million files exceeding 100 TB. Sony suffered a loss of $100 million on account of this attack, and thus it has earned its spot on this list of the biggest internet scams.
Ubiquiti Networks
Ubiquiti Networks, a Silicon Valley networking company, was ravaged by hackers in 2015. Cybercriminals impersonated Ubiquiti’s CEO and its employees to phish for credentials and data that allowed them to steal 47 million USD from the company’s bank accounts.
The company’s finance department was targeted for phishing and baited into divulging sensitive information like usernames, passwords, and account numbers. Armed with this information, the hackers transferred capital from the company’s subsidiary in Hong Kong to their own overseas accounts.
The attack hit especially hard because part of Ubiquiti’s selling point was the security of its networking gear.
Operation Phish Phry
The FBI has conducted several investigations into cybercrime and online fraud. Operation Phish Phry was among the biggest internet scams that it investigated. It all began in 2007, when the FBI’s LA Electronic Crimes Task Force, authorities from Egypt, and multiple financial institutions came together to dismantle a criminal ring that stole $1.5 million from American citizens.
It turned out that Egyptian hackers were using phishing to steal financial information from Bank of America and Wells Fargo customers. The hackers opened dummy accounts at these banks to hold the money that would be stolen. The Egyptian cybercriminals were in cahoots with hackers from California too.
In total, 100 people were involved in this internet scam, including people from Egypt and America. Together, this criminal ring is believed to have scammed over 5000 American citizens.
Introducing BIMI – a way to prevent internet scams in your own organization
BIMI (Brand Indicators for Message Identification) is a newly emerging tool for email authentication that helps email receivers promptly identify the true sender of an inbound email. For this purpose, BIMI uses logotypes (the business’s official logo emblem) in the email.
BIMI integrates the brand logo with the official business email, so the logo appears on all genuine communication from a company. In short, if an email claims to have come from a certain business address and it is without the logo, you can take it as an indication that the email is a potential threat.
Besides better email security, BIMI also offers email marketers a way to improve their brand recognition and email open and click-through rates. For more info, read our blog on the BIMI Gmail Update.
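A receiver only shows the logo when the sending domain publishes an enforced DMARC policy (at `_dmarc.<domain>`) and a BIMI record (at `default._bimi.<domain>`). The sketch below is an added example, not code from this blog or from any BIMI tool: it checks two such TXT records offline. The function names and the sample records for example.com are constructed for illustration, and the 100% coverage check is a conservative assumption because receivers differ in detail.

```python
# Added example: offline readiness check for DMARC + BIMI TXT records.
from urllib.parse import urlparse


def parse_tags(txt):
    """Split a 'k=v; k=v' TXT record into a dict with lowercased keys."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def bimi_problems(dmarc_txt, bimi_txt):
    """Return the reasons a receiver would not show the logo (empty = ready)."""
    problems = []
    dmarc, bimi = parse_tags(dmarc_txt), parse_tags(bimi_txt)

    # BIMI builds on DMARC: a monitoring-only policy does not qualify.
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC policy is not quarantine or reject")
    elif dmarc.get("pct", "100") != "100":
        problems.append("DMARC policy applies to less than 100% of mail")

    if bimi.get("v") != "BIMI1":
        problems.append("no valid BIMI record")
        return problems
    logo = urlparse(bimi.get("l", ""))
    if logo.scheme != "https" or not logo.path.lower().endswith(".svg"):
        problems.append("l= must be an https URL to an SVG logo")
    # a= (certificate for the logo) is optional, but some receivers require it.
    cert = bimi.get("a", "")
    if not cert:
        problems.append("no a= certificate URL (required by some receivers)")
    elif urlparse(cert).scheme != "https":
        problems.append("a= must be an https URL")
    return problems


# Constructed sample records, not real DNS data.
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
GOOD_BIMI = "v=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/vmc.pem"

if __name__ == "__main__":
    print(bimi_problems(WEAK_DMARC, "v=BIMI1; l=http://example.com/logo.png"))
```

An empty list means the records meet these checks; it does not prove that a given mailbox provider will display the logo.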