Summary: In this blog, we talked about how email phishing attacks have cost millions of dollars to top companies, such as Facebook and Google. Apart from this, we have also mentioned specific measures for protecting one’s organization from phishing attacks, including a comprehensive email monitoring policy, discouraging the use of public Internet connections, and updating passwords frequently, to name a few.
Internet-related crimes are increasing day by day, posing a serious threat to companies. Every year, organizations across the world lose a significant amount of money to cybercrime. According to the Internet Crime Report 2020 by the FBI’s Internet Crime Complaint Center (IC3), individuals and businesses lost more than $4.1 billion in 2020 to cybercrime-related incidents. According to the report, the top five crime types (by victim count) were:
- Phishing/Vishing/Smishing/Pharming
- Non-Payment/Non-Delivery
- Extortion
- Personal Data Breach
- Identity Theft
According to the report, 19,369 complaints of Business E-mail Compromise (BEC)/Email Account Compromise (EAC) were registered, with an adjusted loss of approximately $1.8 billion. The scam is frequently carried out when a subject compromises legitimate business email accounts through computer intrusion techniques in order to conduct unauthorized transfers of funds.
In 2020, 2,474 ransomware incidents were reported, with adjusted losses of over $29.1 million. Among the techniques through which cyber criminals infect victims with ransomware are email phishing campaigns and exposed Remote Desktop Protocol (RDP) services.
In 2020, phishing scams were prominent. In total, 241,342 complaints were registered, with adjusted losses of approximately $54 million.
In email phishing, the attacker masquerades as someone else to trick the recipient into taking a desired action, such as releasing payment for a fake invoice or sharing sensitive business documents. To give you an idea of how damaging phishing scams can be, here are some of the costliest phishing email scams of all time:
1. Facebook and Google Lose $100 Million
Facebook and Google are two of the largest tech companies in the world and have all the means and systems in place to protect themselves from cybercrimes and other internet-related attacks. Unfortunately, despite their unparalleled security measures, they fell for a massive phishing scam a few years ago.
In 2017, a Fortune report revealed that Facebook and Google had been duped out of over $100 million through an elaborate email phishing scheme. The companies admitted that their employees fell for an email phishing attack launched by a 48-year-old man, Evaldas Rimasauskas, who masqueraded as an electronics manufacturer. He forged email addresses, contracts, and invoices to trick the employees of these companies into paying for electronics supplies.
2. Belgium’s Crelan Bank Loses 70 Million Euros
In 2016, Belgium’s Crelan Bank lost 70 million euros to a phishing email attack launched from another country. According to another source, the total loss was estimated at $75.8 million. The bank was the victim of so-called CEO fraud (also known as a Business Email Compromise scam), in which the fraudsters spoof company email accounts to impersonate the CEO or another senior manager. They used this masqueraded identity to trick an employee into executing unauthorized wire transfers.
3. CEO Spoofing Costs Upsher-Smith Laboratories $50 Million
Upsher-Smith Laboratories, one of the largest American drug companies, was grifted out of more than 50 million dollars in a 2014 phishing scam. Over the course of three weeks, con artists contacted the company’s accounts payable coordinator while impersonating the company’s CEO. Their phishing emails directed the victim to make nine wire transfers to their account(s), totaling more than $50 million.
How to Protect Your Organization from Phishing Emails?
The incidents above show how easily some of the most powerful and reputable companies fell victim to phishing scams, losing millions of dollars. Such phishing incidents are an increasing threat to organizations of every size. Fortunately, there are ways to prevent and protect your organization from email phishing attacks. The following are some helpful steps you can take to protect your organization:
- Put a strict and comprehensive email monitoring policy in place. When you actively keep an eye on incoming and outgoing email, you can identify a potential threat in time. Even if an attack does take place, you can act quickly to prevent it from spreading and causing more damage.
Looking for an advanced email analysis tool that can help you monitor company email and detect signs of email attacks like malware, phishing, ransomware, etc.? Check out Stellar Email Forensic – a powerful, easy-to-use email investigation software for IT administrators. Download now!
- Provide in-depth training to your employees on the signs to look for in a phishing email, such as the actual sender address (as opposed to the display name), suspicious links whose visible text does not match their destination, and spelling and grammatical errors in the email body.
- Discourage the use of public Internet connections for email communications. Public connections often use weak encryption or none at all. Attackers can exploit these weaknesses to intercept sensitive business data from your employees.
- Create a policy for frequent changing of passwords. This minimizes the risk of an unscrupulous entity cracking an employee’s email password and using the account to launch a phishing attack.
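The monitoring and training bullets above both come down to the same handful of header and body checks: does the display name claim a domain other than the real sender's, does Reply-To route answers somewhere else, and do the links say one thing while pointing at another. The script below is an added example written for this post (it is not code from the original article or from any vendor product) that runs those checks over a constructed fake-invoice message and a constructed benign one; every address, domain and IP in it is made up for illustration, and the heuristics are deliberately simple so that the logic is easy to audit.

```python
"""Phishing-indicator checks over a raw RFC 5322 message (added example)."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): the display name advertises one
# domain, the real sender and Reply-To live elsewhere, and the link text
# does not match its href.
SAMPLE_PHISH = """\
From: "Accounts Payable - example-supplier.com" <ap@examp1e-supplier.biz>
Reply-To: payments@mailer-example.net
To: coordinator@victim.example
Subject: URGENT: Invoice #4471 overdue - wire today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please settle the attached invoice immediately.</p>
<p><a href="http://198.51.100.7/pay">https://portal.example-supplier.com/invoice/4471</a></p>
</body></html>
"""

# Constructed benign counterpart: consistent sender, no Reply-To, honest link.
SAMPLE_BENIGN = """\
From: "Accounts Payable" <ap@example-supplier.com>
To: coordinator@victim.example
Subject: Invoice #4471
Content-Type: text/html; charset="utf-8"

<html><body><p>Invoice: <a href="https://portal.example-supplier.com/invoice/4471">https://portal.example-supplier.com/invoice/4471</a></p></body></html>
"""

DOMAIN_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_of(url):
    """Host part of a URL (or bare domain), lower-cased, or None."""
    candidate = url if "://" in url else "http://" + url
    host = urlparse(candidate).hostname
    return host.lower() if host else None


def phishing_indicators(raw):
    """Return a list of human-readable indicators found in one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["From header missing or unparseable"]
    sender = from_hdr.addresses[0]
    sender_domain = sender.domain.lower()

    # 1. Display name names a domain that is not the real sender's domain.
    for claimed in DOMAIN_RE.findall(sender.display_name):
        claimed = claimed.lower()
        if claimed != sender_domain and not claimed.endswith("." + sender_domain):
            findings.append(f"display name claims {claimed} but sender is {sender_domain}")

    # 2. Replies are routed to a different domain than the apparent sender.
    reply_hdr = msg["Reply-To"]
    if reply_hdr is not None and reply_hdr.addresses:
        reply_domain = reply_hdr.addresses[0].domain.lower()
        if reply_domain != sender_domain:
            findings.append(f"Reply-To goes to {reply_domain}, not {sender_domain}")

    # 3. Links: raw-IP destinations, and visible text that names another host.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            href_host = _host_of(href)
            if not href_host:
                continue
            if IPV4_RE.fullmatch(href_host):
                findings.append(f"link points at a raw IP address: {href_host}")
            shown = DOMAIN_RE.search(text)
            if shown and shown.group(0).lower() != href_host:
                findings.append(f"link text shows {shown.group(0).lower()} but href goes to {href_host}")
    return findings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, phishing_indicators(sample) or ["no indicators"])
```

Each finding is a string so that the same function can feed a mail-gateway quarantine rule, a SIEM alert, or a training exercise where employees are shown why a message was flagged. The checks are heuristics: a legitimate newsletter can use a separate Reply-To domain, so treat the output as a score to triage rather than a verdict.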
Falling for email phishing attacks is one of the costliest mistakes companies around the globe make today. If you don’t want to become another victim, it is strongly recommended that you take appropriate prevention measures, including those mentioned above.