The 2021 FBI Internet Crime Report reveals that spear phishing scams snagged more victims than any other type of internet scam last year. Phishing and related tactics are attempts to trick victims into disclosing their credentials and other sensitive information.
Spear phishing isn’t a new tactic, though it has become more sophisticated over the years. Criminals will continue to use it because it is so successful as a pathway into secured networks. Some of the largest cyberattacks in the last decade began with spear phishing attacks. Here are a few examples:
Ubiquiti Networks lost $46.7M to scammers
On June 5, 2015, it was discovered that Ubiquiti Networks had been hit by a spear phishing attack that cost the company $46.7 million. They were able to recover about $15 million as they contacted their bank as soon as it was clear they had fallen victim to a scam. Ubiquity disclosed that the criminal fraud resulted from “employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department.”
FACC forfeited $55M
FACC manufactures engine and interior parts for Airbus, Boeing, and other aerospace manufacturers. The company lost $55 million when they were struck by attackers on January 19, 2016. Following the accident, the company’s stock dropped 17%. FACC removed Walter Stephan from his role as CEO in May of that year due to his involvement in the attack.
Crelan Bank was taken for $75.8M
On January 19, 2016, this Dutch Bank released a statement stating it had lost about $75.8 million to fraud. Crelan assured the public that the bank reserves would protect its clients and partners from the loss and that additional security had been deployed to prevent this type of fraud in the future.
Facebook & Google were tricked for 100M
On March 21, 2017, the Department of Justice released a statement about a Lithuanian email scam that had taken roughly $100 million from two tech giants. While they have refused to comment, major tech news sources such as CNET and Fortune believe that these two companies are Google and Facebook. This demonstrates that even the most sophisticated corporations can fall victim to highly targeted social engineering attacks.
These numbers do not capture the full damage to the companies. There are costs related to downtime, investigations, and data leaks. The attack on Sony Pictures Entertainment was estimated to cost $35 million for the fiscal year ending March 31, 2015. The Sony attackers destroyed data and leaked private and sensitive information of Sony employees. Seven months later Sony agreed to pay up to $8 million to those employees claiming to be damaged by Sony’s negligence. The Sony attack was “probably” made possible by a series of phishing emails asking targeted employees to verify their Apple IDs.
Access Tech understands that every business, no matter size or industry, deserves to be protected. Security is step by step, ongoing process and every business is in a different place in their journey with changes happening every day. Contact us to learn more about what businesses are doing to stay a step ahead.