5 Successful phishing scams that targeted businesses

5 Successful phishing scams that targeted businesses

The Anti-Phishing Working Group recorded 316,747 phishing attacks in December 2021 — the highest monthly total phishing attacks in their reporting history and triple early 2020’s monthly totals, which was around 68,000–94,000 attacks.

Aside from increasing in number, phishing scams are also growing in sophistication, making them harder to detect. In fact, Proofpoint’s 2022 State of the Phish Report found that over 83% of organizations fell victim to successful phishing attacks in 2021, with 54% of successful attacks resulting in a data breach.

Read also: 6 Common phishing myths, debunked

In this blog, we’ll take a look at five phishing scams to help you become more familiar with phishers' modus operandi.

1. Lithuanian cybercriminal scams two tech giants

Between 2013 and 2015, Facebook and Google were scammed by Lithuanian cybercriminal Evaldas Rimasauskas.

Rimasauskas posed as an employee of Quanta Computer, a common supplier of Facebook and Google. He used spoofed email accounts to send a series of fake invoices to the employees of the two tech giants. Those employees regularly managed multimillion-dollar transactions with Quanta Computer, so they responded to those fake invoices by wiring more than $100 million to what they thought were their supplier’s legitimate bank accounts.

Facebook’s and Google’s banks didn’t flag those wire transfers as suspicious since Rimasauskas also provided fake supporting documents like contracts and letters with forged signatures.

2. Drug company CEO imposter directs multiple wire transfers

Over the course of three weeks in 2014, scammers pretending to be Upsher-Smith Laboratories's CEO instructed a staff member through email to make nine wire transfers, amounting to nearly $50 million. The organization managed to recall one wire transfer, reducing their losses to $39 million.

3. Computer networking company CEO fraudster executes international wire transfers

In 2015, Ubiquiti Networks lost $46.7 million — almost 10% of the business’s cash position — to a BEC scam. Over the course of 17 days, cybercriminals posing as the company's CEO directed the finance team via email to conduct 14 fund transfers to various countries such as Russia, China, Hungary, and Poland.

After monitoring the company’s Hong Kong subsidiary's bank account, the FBI notified Ubiquiti Networks of the suspicious wire transfers to overseas accounts. As soon as Ubiquiti Networks became aware of the scam, they initiated legal proceedings overseas and quickly recovered $8.1 million.

4. Belgian Bank unearths BEC scam during an internal audit

An internal audit revealed that Crelan Bank lost $75.8 million in a BEC scam in 2016. The cybercriminals spoofed the CEO’s email account by masking the sender as the CEO. Using that email account, they tricked a Crelan Bank employee into transferring funds to a fake bank account.

5. Fake CEO of aircraft manufacturer instructs fund transfers to foreign accounts

In 2016, Fischer Advanced Composite Components AG (FACC) fell victim to CEO fraud, mistakenly wiring 54 million euros ($61 million) for their supposed acquisition project. Their employee from the finance department made the transfer after receiving instructions via email from cybercriminals who were posing as the company’s CEO, Walter Stephan.

When FACC realized that they were scammed, they implemented countermeasures and successfully stopped the transfer of 10.9 million euros. However, they failed to recover the rest of the money from Slovakia and Asia.

The IT experts of Founders Technology Group can safeguard your company against phishing scams and other cyberthreats. Schedule your FREE IT consultation today to learn more about our IT security services.