Phishing is the name given to a method of gaining access to confidential details by sending an email attachment purporting to be legitimate but which actually harvests passwords and other information.
Phishing has been used in some of the most notorious cyberattacks of the last ten years. Here are four examples of phishing-led attacks that have shocked the world.
Sony pictures lost over 100 million dollars during the course of a phishing attack targeting the company’s employees. Hackers posed as colleagues and high-ranking executives. They send phishing emails containing malware that allowed for the removal of data. Up to 100 terabytes of data were stolen. This data included new releases and employee details. Huge companies like Sony have proven to be fertile grounds for hackers looking to make a quick buck. However, big or small, all companies are at risk. This attack just shows that it is possible for the big companies to fall victim to it too. The difference is they likely will be able to bounce back. The same might not be said for other businesses. This is why knowing as much as possible about phishing attacks is crucial. Check out this quick guide to phishing from Cybertalk.org. All organizations should brief staff on how to avoid phishing attacks as part of their basic cybersecurity training regime.
The Democratic National Committee
During the run-up to the heated 2016 presidential election in the United States, members of the Democratic National Committee were sent an email that purported to contain a document detailing important statistics. The document was rigged.
This sophisticated phishing attack targeted the officials that had access to the most sensitive information. The information leaked included incredibly sensitive emails regarding the Clinton campaign and may have directly influenced the result of the US election. Hacking and politics are uneasy bedfellows.
The Ukrainian Power Grid
Given the geopolitical situation in the Eastern area of Ukraine, it is not surprising that the ‘breadbasket of Europe’ has been targeted with multiple online phishing attacks. One particular target over the years has been the power grid.
In 2015, computers across the power network were remotely controlled, with a mysterious external controller activating circuit breakers that plunged whole areas of the country into darkness. The attack began with a spear-phishing campaign. Power grid employees were sent a word document which, when opened, allowed hackers to gain access to their accounts remotely. Ukraine blamed their main geopolitical adversary: Russia.
The attack clearly demonstrated the ability of hackers to bring a nation to a standstill – if only for a minute.
Facebook – or Meta as the company is now known – is an immensely powerful company. A great many people would argue that the social media giant has accrued far more power than a private company should, echoing the economically damaging industrial monopolies of the 1920s.
All that power does not mean Facebook has been impervious to attack. Between 2013 and 2015, a clever cyber criminal posing as a computer parts vendor used their fake identity to send a series of fake invoices to Zuckerberg’s company. More than 100 million dollars was paid out by Facebook before the scam was found out. The figure behind the scam was found in Lithuania, extradited to the USA, and sentenced to 5 years in prison.