Every day, cybercriminals target businesses of all sizes via phishing attacks — varying from mass-mailed scams to sophisticated targeted spear phishing schemes — and the consequences can be disastrous. In fact, IBM’s 2022 Cost of a Data Breach Report revealed that phishing is the costliest initial attack vector, at $4.91 million average cost of breach. Phishing is also the second most common initial attack vector of data breaches.
Phishing is the second most common initial attack vector of data breaches.
Cybersecurity experts predict that phishing will continue to become more prevalent in 2023 and beyond. That’s why you must learn how to effectively protect your company from phishing attacks. One way to achieve this is by learning from real-life stories of successful phishing scams.
1. Facebook and Google
Between 2013 and 2015, Lithuanian cybercriminal Evaldas Rimasauskas scammed over $100 million from Facebook and Google.
He posed as a staff member of Quanta Computer, an electronics vendor of the two tech companies. Using spoofed email accounts, Rimasauskas sent multiple fake invoices to Facebook and Google employees who regularly handled multimillion-dollar transactions with Quanta Computer. Those employees responded by sending the corresponding payments to what they thought were Quanta Computer's bank accounts.
These transactions weren’t flagged as suspicious by Facebook’s and Google’s banks since Rimasauskas provided supporting documents, such as fake contracts, invoices, and letters with forged signatures of top executives and similar-looking corporate seals.
2. Crelan Bank
During an internal audit in 2016, Crelan Bank discovered that they had fallen victim to a business email compromise scam, which cost them $75.8 million. The scammers — suspected to be foreigners — spoofed the CEO’s email account and used that account to trick an employee into wiring money to a fake bank account.
Read also: What should you do if your business falls for a phishing scam?
3. Fischer Advanced Composite Components AG (FACC)
FACC, an Austrian manufacturer of airplane components for Airbus and Boeing, became a victim of CEO fraud in 2016. CEO Walter Stephan's email account was spoofed and used to instruct an employee from the accounting department to wire 54 million euros (equivalent to $61 million) to an overseas bank account for a supposed acquisition project.
Upon realizing they were scammed, FACC was able to stop the transfer of 10.9 million euros. Unfortunately, they failed to retrieve the rest of the money from accounts in Slovakia and Asia.
4. Upsher-Smith Laboratories
In 2014, scammers impersonated Upsher-Smith Laboratories's CEO and directed an employee via email to execute nine wire transfers amounting to almost $50 million over the course of three weeks. The company was able to successfully recall one wire transfer, reducing its losses to $39 million.
Read also: How to identify the telltale signs of a phishing email
5. Ubiquiti Networks
In 2015, a BEC scam caused Silicon Valley computer networking company Ubiquiti Networks to lose $46.7 million — almost 10% of the organization’s cash position. Posing as the company's CEO, cybercriminals instructed the chief accounting officer through email to make 14 fund transfers to countries like China, Russia, Hungary, and Poland over the course of 17 days in order to close an acquisition deal.
After keeping track of the company's Hong Kong subsidiary's bank account, the FBI informed Ubiquiti Networks of the dubious fund transfers to overseas accounts. Soon thereafter, Ubiquiti Networks initiated legal proceedings overseas and was able to immediately recover $8.1 million.
Don’t wait for your company to become a phishing victim. Bolster your company’s cyber defenses by partnering with the IT security experts of Fidelis. We offer a comprehensive suite of cybersecurity services that will help protect your business from phishing and other cyberthreats. Get in touch with us today.