5 Worst Phishing Attacks Case Studies: Lessons Learned and How to Protect Yourself

The article presents five case studies of phishing attacks, analysed to illustrate the methods used, their consequences and the lessons that could be learned to mitigate such attacks.
The first case studied was the 2016 DNC phishing attack, where hackers used fake Google security alert emails to steal the Democratic National Committee’s credentials, resulting in confidential emails being leaked and influencing the US presidential election.
The second, the Google Docs phishing scam, saw users invited to collaborate on a Google Doc, which would grant hackers access to victim’s Gmail accounts via a rogue OAuth app, which was then used to phish further contacts.
In the third case, in 2015, Ubiquiti Networks experienced a business email compromise attack, whereby cybercriminals impersonated executives to trick employees into transferring $46.7 million to fraudulent accounts.
Crypto exchange phishing attacks (ongoing since 2017) involve hackers creating counterfeit exchange websites and emailing users with fake logins, tricking them into entering their credentials, and stealing their assets.
The last case study was that of business email compromise attacks, where cybercriminals posed as company executives to send fraudulent wire transfer requests, resulting in billions lost globally and extensive reputational damage.

Fast Feed