2017 Notable Phishing Attacks

Worried about your sensitive information and personal data? Be wary of phishing scams.

According to Ironscales.com, mobile ransomware attacks are up 250% from January 2017. The scariest part? People keep opening up phishing emails. They open them with such regularity that it’s hard to believe that that already crazy-high number isn’t even higher. It’s vital that you understand what a phishing attack can do to your infrastructure—it’s more than a run-of-the-mill network crash. If a phishing email is sent to your email address and you open it, you could invite a data breach to your company’s doorstep that could drastically set you back and cost your company a fortune to try and remedy. We’ve researched the most damaging phishing scams from last year so that you have a better idea of what the effects could be.

Qatar

This Gulf nation of 2.3 million people and host of the 2022 World Cup wasn’t impacted by one major phishing attack in the first quarter of 2017. Instead, its businesses and residents were hit with more than 93,570 phishing events in that tiny three-month span. The attacks were a combination of email and SMS text-based phishing scams.

Widespread Business Email Compromise (BEC)

This attack from Nigeria-based hackers targeted more than 500 businesses, primarily industrial companies, prompting employees to download a file entitled “Energy & Industrial Solutions W.L.L_pdf.” Once the file was downloaded, the unknown adversary injected malware used to gain access to sensitive company information.

Chipotle

An Eastern European cyber-criminal group sent malware-infested emails to Chipotle staff. The hackers compromised the POS systems of most Chipotle locations, using the breach to obtain customer credit card data from millions of people.

Amazon

In January, hackers attempted to access sensitive payment information by creating deals that looked “legitimate.” When buyers went to purchase discounted items, the transaction would appear as no longer available, prompting shoppers to input information to be used against them.

Ukrainian Accounting Firm

By the time December rolls around, this phishing attack may rank as one of the year’s most damaging. In June, a Ukrainian FinTech company, MeDoc, was breached, and its systems were injected with malware. Through a Microsoft vulnerability, the malware spread across the globe – impacting hundreds of organizations in Russia, Europe, India, and the United States.

Google & Facebook

After months of uncertainty, the U.S. Department of Justice (DOJ) announced the arrest of a Lithuanian man for allegedly stealing $100 million from two U.S.-based tech companies. The attacker's targeted attack successfully used a phishing email to induce employees to wire the money to overseas bank accounts under his control.

IRS W2 Tax Season Spear-Phishing Scam

In the United States, a spear-phishing attack generated at the beginning of tax season involved attackers sending fake emails – appearing to be from corporate executives – that requested personal information from employees for tax and compliance purposes. As of mid-March, the attack had compromised more than 120,000 people at 100 organizations.

Google Docs Hacked

Work came to a halt for 3 million people worldwide in May when phishers were caught sending fraudulent email invitations to edit Google Docs. When opening the invitation, people were brought to a malicious third-party app, which allowed the adversaries to access people’s Gmail accounts.

WannaCry Shuts Down Business in 180 Countries

What might go down as one of the worst cyber attacks in history, the WannaCry ransomware attack, is suspected of having impacted more than 230,000 people in 150 countries. While debate remains as to whether or not email phishing was the primary attack vector, researchers believe it’s likely one that was used.

 

If you’re worried about your data, including credit card numbers, customer data, and other sensitive information, take the time to strengthen your cybersecurity and research phishing attacks. Don’t leave it up to chance—be prepared for whatever might be headed your way.