Studies and research have shown that IT vulnerabilities and threats are increasing day by day and have become a burning issue among netizens. Phishing attacks are among these threats, and they have gained popularity by creating havoc in the Internet world.
What is a Phishing Attack?
Phishing is a kind of social engineering attack used to steal a user's sensitive information and valuable data, including login credentials and credit card numbers. It occurs when an attacker, disguised as a trusted entity, lures a victim into opening an email, text message, or instant message. The recipient is then tricked into clicking a malicious link, which leads to the installation of malware on the device. As the malware attacks the device, the system freezes, which is part of a ransomware attack. This is how your sensitive information gets exposed to the attacker.
A phishing attack can have drastic effects on a victim, including theft of funds, unauthorized purchases, and, worst of all, identity theft.
Major Phishing Attacks in History
The top five major phishing attacks reported in history include:
- Phishing scam attacks a security firm
RSA, which provides Business-Driven Security, suffered a data breach in March 2011 but didn't disclose how the attack occurred. A few weeks later, the security firm revealed the attack details: RSA had been hit by a spear phishing attack that exploited an unpatched Adobe Flash vulnerability.
That's how the attack enabled cybercriminals to get their hands on the master keys for all RSA SecurID security tokens, through which the network of US defense suppliers was breached.
- A phishing attack that caused Target’s data breach
In 2013, 110 million customers were affected by the colossal data breach at the nationwide retail giant Target, which is believed to have originated from a phishing attack. The breach cost Target millions of dollars.
The data breach is thought to have been set up through Fazio Mechanical Services (FMS), a heating, ventilation, and air conditioning contractor that was connected to Target's system for contract submissions, project management, and electronic billing.
As reported, the network credentials were stolen through an email malware attack at FMS, which began two months before the cybercriminals started looting card data from a number of Target cash registers. The firm fired its CEO and CIO because both were accused of taking computer security lightly.
- CEO got attacked by a phishing scam
Walter Stephan, CEO of FACC, the Boeing and Airbus supplier, for 17 years, was immediately fired by FACC's board when he fell for a major phishing scam.
Cybercriminals masqueraded as an authorized person high up in the company and lured Stephan with an email about the need for a secret yet huge transaction. Stephan fell for the phishing scam, which cost the company approx. $56.79 million!
The firm managed to recover about a fifth of the amount, but the rest was lost in accounts in Asia and Slovakia, which severely affected the company's share value.
- Anti-phishing operation
The FBI reported in 2009 that it had charged 100 people with using phishing scams to obtain account details from thousands of people and to transfer approx. $1.5 million into fake accounts.
One of the largest anti-phishing operations, Operation Phish Phry, led to the discovery of a fraudulent group of cybercriminals that was targeting US bank account holders through a phishing scam. This operation was recorded as the biggest international phishing case ever conducted.
- The huge UK phishing scam
A fraud worth £59 million, as estimated by the Met Police's Action Fraud unit, was prevented in the UK after three men, living in luxury hotels in London, were traced and convicted of initiating phishing scams to access the bank accounts of a number of companies in 14 countries.
The Met Police Central e-Crime unit (PCeU), the US Secret Service, and the Serious Organized Crime Agency analyzed about 2,600 phishing pages that mimicked banking websites.
They later discovered 70 million customer email addresses intended for use in phishing scams and found servers containing details of 30,000 bank customers, of whom 12,500 were in the UK.
The three men were sentenced to a total of 20 years. At that time, Investigating Officer DI Jason Tunn declared that it was the biggest case the PCeU had dealt with to date.
The Here and Now
Since IT threats and vulnerabilities are becoming more diverse and complex and are proliferating at an increasing rate, the chances of becoming a victim of a phishing attack have increased as well. As we are all part of the Internet world, it is out of the question that only popular or particular individuals will be targeted.
With such a possibility in play, it is equally important to put in enough effort on your end to minimize the consequences of becoming a victim of a phishing attack. Read more about phishing techniques and preventive measures in Phishing Attacks Part 2: How to Protect Against an Attack.
Author Bio: Peter Buttler is a Professional Security Expert and Journalist who has been contributing to digital privacy and cybersecurity publications for six years. He conducts interviews with security authorities to present expert opinions on the latest security affairs. In his writing, Peter emphasizes the latest security and technology trends that are directly related to individuals' privacy. You can follow him on Twitter @peter_buttlr.
Peter Buttler is a guest blogger; all opinions are his own.