The worst-ever phishing scams
Computing looks at some of the most notorious attacks of recent times
Unlike many other cyber attacks, phishing or spear phishing attacks aren't particularly sophisticated. The idea is to get the victim to click on a bogus link in an attempt to acquire sensitive information or access to systems.
Such attacks are increasing around the world. Nearly 100,000 people reported receiving phishing emails in 2015 in the UK alone, making nearly 8,000 reports to the police every month.
Here are some of the biggest phishing attacks so far:
5. The UK's biggest phishing scam
The Met Police's Action Fraud unit estimated that £59m worth of fraud was prevented after three men were convicted of launching sophisticated phishing scams to access the accounts of bank customers in 14 countries.
About 2,600 phishing pages that mimicked banking websites were analysed by the Met Police Central e-Crime Unit (PCeU), the Serious Organised Crime Agency and the US Secret Service.
The men behind the scam were traced to the UK, where they stayed in plush hotels in London while continuing to scam victims.
They were eventually caught using laptops to log-in to servers storing compromised banking data.
Officers later discovered servers containing details of 30,000 bank customers, 12,500 of which were in the UK, and 70 million customer email addresses to be used in phishing scams.
The men were jailed for a total of 20 years. Investigating officer DI Jason Tunn said at the time that it was the "biggest case the PCeU has dealt with to date and is likely to be the biggest cyber phishing case so far in the UK".
The worst-ever phishing scams
Computing looks at some of the most notorious attacks of recent times
4. Operation Phish Phry
US and Egyptian authorities charged 100 people in 2009 for using phishing scams to steal account details from hundreds, possibly thousands, of people and transferring about $1.5m into fake accounts.
A two-year investigation dubbed Operation Phish Phry led to the discovery of a group of fraudsters who targeted US bank account holders using phishing techniques.
The bank fraud charges alone could have meant some of those charged would spend 20 years in jail.
The director of the FBI at the time called it the "largest international phishing case ever conducted".
The worst-ever phishing scams
Computing looks at some of the most notorious attacks of recent times
3. CEO phishing for a new job after being scammed
Plane part manufacturer FACC fired its CEO of 17 years after he fell for a phishing scam that cost the company $56.79m (about £39m).
Criminals pretended to be someone high up in the company and sent an email to CEO Waltar Stephan talking of the need for a secret transaction. Stephan fell for the scam and was fired with immediate effect.
"The supervisory board came to the conclusion that Mr Walter Stephan has severely violated his duties, in particular in relation to the ‘Fake President Incident'," the company said.
The firm did manage to recoup about a fifth of the money, but the rest disappeared into accounts in Slovakia and Asia, wiping a huge chunk off the company's share value.
Stephan wasn't the only one to suffer as a result of the scam, as the firm's CFO also left the company.
The worst-ever phishing scams
Computing looks at some of the most notorious attacks of recent times
2. Target data breach began with a phishing attack
The huge data breach that affected 110 million customers in 2013 is thought to have stemmed from a phishing attack.
The breach is likely to have been initiated through Fazio Mechanical Services (FSM), a heating, ventilation and air conditioning contractor in Pittsburgh. The firm was connected to Target's systems to provide electronic billing services, contract submissions and project management services.
Reports suggest that network credentials were stolen in an email malware attack at FSM that began at least two months before thieves started stealing card data from thousands of Target cash registers.
The breach cost Target hundreds of millions of dollars, and the firm fired its CEO and CIO. CIO Beth Jacobs (pictured), was accused of knowing about the flaws in her department, but doing too little to minimise the risks, while CEO Gregg Steinhafel was criticised for taking computer security too lightly.
The worst-ever phishing scams
Computing looks at some of the most notorious attacks of recent times
1. Security firm gets hit by a phishing scam
What's worse than a CEO falling for a phishing scam, or indeed a huge retailer like Target suffering a colossal data breach? Yep, a security firm getting hit by a phishing attack.
RSA suffered a data breach in March 2011 but kept tight-lipped about how the attack occurred. Weeks later, the firm revealed that a spear phishing attack exploited an Adobe Flash vulnerability that was unpatched at the time.
The attack enabled criminals to get hold of master keys for all RSA SecureID security tokens, which were then subsequently used to break into US defence suppliers' networks.