Phishing is one of the most popular hacking methods used by cybercriminals. It’s easier to implement than other techniques and it’s considerably effective. According to ProofPoint, 74% of American businesses experienced a successful phishing attack during 2020.
There are several variants of phishing but email phishing represents up to 96% of phishing attacks. Email phishing consists of supplanting reputable or trusted senders to trick the victims into revealing sensitive information or delivering payments.
The pretexts are infinite.
Generally, these false emails tend to create a sense of urgency for the user so that they provide important data without thinking about it twice.
For instance, they might try to mimic a typical PayPal email and tell you that your account has been compromised and you need to confirm your password as soon as possible. They may redirect you to a link for a website that looks just like PayPal, and if you don’t find any sign that it’s not the real website (such as a misspelled URL), you would most likely supply hackers with your login data.
Consider this example as a starting point and imagine how serious phishing can be —especially because anyone can be targeted by these scammers.
Many times, phishers simply send these fraudulent emails to thousands of random addresses and wait for people to fall into the trap. But other times, phishing attacks are more targeted and sophisticated - often just the first step in a complex scam or attack which can lead to an incredible amount of financial losses and data breaches.
Google and Facebook
Between 2013 and 2015, Google and Facebook unknowingly paid $123 million to phisher Evaldas Rimasauskas. The 50-years-old Lithuanian attacker repeatedly impersonated Quanta, a Taiwan-based hardware vendor that had business relations with both companies. The hacker had even registered a company with the same name in Latvia.
Using fake invoices, Rimasauskas tricked Facebook and Google employees into sending him money to bank accounts located in Cyprus and Latvia.
Eventually, the scam was discovered and Rimasauskas was arrested, extradited to the U.S., convicted, and sentenced to five years in federal prison. However, the IT companies only recovered about half of the stolen sum.
Sony Pictures Entertainment
In 2014, Sony Pictures Entertainment was involved in the production of The Interview, a political action comedy film about two journalists who receive orders to assassinate North Korea’s head of state, Kim Jong-Un.
The North Korean government had complained about the pending film for months, and warned that the movie was a “blatant act of terrorism and war” and threatening “a merciless countermeasure.”
Shortly after, the company fell victim to a huge phishing attack from a group of anonymous hackers who called themselves “the Guardians of Peace”. The hackers found Sony employees on LinkedIn and used their information to pose as company colleagues and send emails containing malware.
This way, they gained access to Sony’s network and leaked internal emails, financial records, several unreleased movies, and other materials.
The malware eventually wiped out half of Sony’s global digital network, thousands of the company's servers and computers were junked. It sent the global media giant back to the 1980s, employees started using fax machines and pens and paper. In fact, the hackers had been inside Sony’s system for weeks, and stolen all of Sony’s data before deleting it. They released confidential information, including embarrassing emails, unfinished film scripts, and even complete films onto the public internet.
Although North Korean authorities denied taking part in the attack, the FBI later formally attributed the attack to North Korea and declared it one of the largest cyberattacks ever perpetrated in the U.S.
The hackers sent a message to Sony Pictures, saying “Now we want you never let the movie released, distributed or leaked in any form of, for instance, DVD or piracy. And we want everything related to the movie, including its trailers, as well as its full version down from any website hosting them immediately." Later, Sony received another message that is claimed to be from the hackers, saying: “You have suffered through enough threats. We lift the ban. The Interview may release now.” However, the origin of this message was never confirmed and top executives at Sony received a message at about the same time, reinforcing earlier instructions not to release The Interview in any form.
The hacked data consisted of 38 million files exceeding 100 terabytes. The attack entailed a monetary loss of more than $100 million for Sony Pictures.
The Silicon Valley computer networking company was scammed in 2015 by cybercriminals who impersonated CEOs and employees to obtain the information they needed to steal up to $47 million.
The hackers targeted employees from the company’s finance department and tricked them into revealing usernames, passwords, and account numbers. This way, they were able to take funds from the Ubiquiti subsidiary in Hong Kong and transfer them to their own overseas accounts.
The company, which stakes its reputation partly on the security of its networking gear, also experienced a major data breach in 2021, although they claimed no user data had been accessed or stolen in that attack.
Operation Phish Phry
Operation Phish Phry was the name of the largest phishing investigation conducted by the FBI. It started in 2007 when the FBI's Los Angeles Electronic Crimes Task Force, Egyptian authorities, and financial institutions collaborated to dismantle a criminal ring that stole $1.5 million from American citizens.
The cybercriminals were found to be Egyptian hackers who used phishing techniques to obtain financial information from Bank of America's and Wells Fargo’s users. The information ended up in the hands of three Californian ring leaders who recruited “runners” to open bank accounts. Victims' money was transferred into these accounts and promptly emptied by the runners, who took a share and paid off their accomplices (the ring leaders in California and the Egyptian hackers).
Altogether, around one hundred people in the United States and Egypt were involved in the attack. They’re believed to have scammed more than 5,000 Americans.
BIMI - An Attempt to End Phishing
BIMI stands for Brand Indicators for Message Identification. As the name suggests, it is a tool for email authentication that helps people identify an entity more easily via logotypes.
Integrated into mailbox providers, BIMI links the brand logo to the company’s official email addresses. Any email sent by the real company should include the logo. If it doesn’t, you can suspect that someone else is trying to disguise as the company.
BIMI makes it more difficult for hackers to impersonate a firm, as they’d need to create a new BIMI DNS (Domain Name Server) entry for the brand as well as additional authentication records. Widespread use of BIMI could also boost brand recognition and email open rates, which would, in turn, benefit marketing.
Google recently incorporated BIMI into their mailbox service Gmail, one of the most popular webmail providers, with 1.8 billion active users worldwide. Since then, BIMI has improved Gmail’s capabilities to distinguish between legitimate emails and fake ones.
Apart from these filters, other methods to prevent phishing include user training (learning how to identify fraudulent emails) and multi-factor authentication (setting up two or more factors of authentication before accessing an account, i.e., numeric codes sent via SMS).