Phishing scams abound amid the pandemic, with the majority of emails sent over the last year featuring COVID-19-related subjects that deceive and persuade recipients into opening them. In fact, according to the FBI, phishing was the most common type of cybercrime in 2020, with 241,324 incidents, up from 114,702 incidents in 2019. The percentage of data breaches involving phishing also went up to 36% in 2020 from 25% the previous year.
Unfortunately, phishing attacks will only become more widespread and sophisticated over time. Today, $17,700 is lost every minute due to phishing scams, and this amount is projected to further increase in the future.
In this blog, we’ll run through some of the most costly phishing scams to date.
5. Ubiquiti Networks business email compromise (BEC) scam – $46.7 million
In 2015, Silicon Valley computer networking company Ubiquiti Networks fell victim to a BEC scam that cost them $46.7 million — nearly 10% of the company’s cash position. A fraudster, posing as the company’s CEO, instructed the finance department via email to execute 14 wire transfers over the course of 17 days to countries like Poland, China, Hungary, and Russia. It was the FBI that informed Ubiquiti Networks of the suspicious fund transfers to overseas accounts after closely monitoring the company’s Hong Kong subsidiary’s bank account.
Upon learning of the scam, Ubiquiti Networks initiated legal proceedings overseas and was immediately able to recover $8.1 million.
4. Upsher-Smith Laboratories CEO impersonation – $50 million
In 2014, cybercriminals impersonating the CEO of Upsher-Smith Laboratories directed an employee via email to execute nine wire transfers over the course of three weeks. Thankfully, the company was able to recall one wire transfer, reducing their loss to $39 million.
3. FACC acquisition fraud – $61 million
FACC, a company that manufactures aircraft parts for Airbus and Boeing, lost a total of $61 million when their former CEO’s email account was spoofed by cybercriminals. That email account was used to instruct an entry-level accounting employee to wire funds to an overseas bank account as part of an “acquisition project.” FACC was only able to recover one-fifth of their loss.
2. Crelan Bank BEC scam – $75.8 million
In 2016, Crelan Bank lost $75.8 million in a BEC scam that they only discovered during an internal audit. The attackers — suspected to be foreigners — spoofed the CEO’s email account by masking the sender as the CEO. They used that email account to trick an employee into wiring money to a fake bank account.
Crelan Bank didn’t disclose any other details regarding the incident, but they announced that they’ve implemented new security measures to prevent similar attacks from happening in the future.
1. Facebook and Google invoice scam – over $100 million
The most expensive phishing scam to date involves Facebook and Google. Between 2013 and 2015, Lithuanian cybercriminal Evaldas Rimasauskas pretended to be an employee of Quanta Computer, a Taiwan-based electronics supplier of the two tech giants. Using spoofed email accounts, he emailed a series of fake invoices to Facebook and Google staff who regularly handled multimillion-dollar transactions with Quanta Computer. Those employees responded by wiring more than $100 million to what they thought were Quanta Computer's legitimate bank accounts.
These transactions weren’t flagged as suspicious by Facebook’s and Google’s banks because Rimasauskas also falsified supporting documents, such as invoices, contracts, and letters with forged signatures of top executives and look-alike corporate seals.
In 2017, Lithuanian authorities arrested Rimasauskas, and he was extradited to the United States. He pleaded guilty and surrendered $49.7 million of the $100 million that he stole.
Safeguard your business from phishing attacks with SpectrumWise’s email/spam protection service. When you subscribe to this service, you get to enjoy first-class firewalls, state-of-the-art filtering programs, automated quarantines, and email encryption. Get started today!