My Account

Cybersecurity Articles

Computer Security Feature Essays

Prominent Phishing Attacks that Have Occurred Over the Past Five Years

Phishing attacks have been a prevalent and ongoing problem for the past several years.

Tim Smith 4 months ago

2 MIN READ

WannaCry, BEC, Google Docs and Covid-19

Phishing attacks have been a prevalent and ongoing problem for the past several years. These attacks, which involve tricking individuals into providing sensitive information such as passwords or credit card numbers, have been used to steal millions of dollars and have affected individuals and organizations of all sizes.

In the last three years, some of the most prominent phishing attacks have included:

The Google Docs Phishing Attack of 2017: In May 2017, a phishing attack targeted users of Google Docs, a popular productivity tool. The attack involved an email that appeared to be from a known contact, with a link to a Google Doc. Once users clicked on the link, they were prompted to grant access to their Google account, which would then be used to spread the phishing attack to their contacts. The attack affected thousands of individuals and organizations, and prompted Google to take action to prevent similar attacks in the future.

The WannaCry Ransomware Attack of 2017: In May 2017, a ransomware attack known as WannaCry affected organizations across the globe, including major companies such as FedEx and the UK's National Health Service. The attack was spread via a phishing email that contained a malicious attachment. Once opened, the attachment would encrypt the victim's files and demand a ransom payment in order to restore access. The attack caused widespread disruption and significant financial losses.

The Business Email Compromise (BEC) Attacks: BEC attacks are a type of phishing attack that specifically target businesses. The attacks involve an attacker posing as a senior executive or other trusted individual and requesting that an employee transfer a large sum of money to a specified account. These attacks have become increasingly common in recent years, and have been used to steal millions of dollars from businesses of all sizes.

The COVID-19 Phishing Scams: The COVID-19 pandemic has provided a ripe opportunity for phishers to exploit people’s fear and uncertainty. Phishing emails, text messages, and social media posts have been sent out, claiming to be from legitimate sources such as the World Health Organization (WHO) or the Center for Disease Control and Prevention (CDC). These messages often contain links to malicious websites or attachments that, when clicked, can install malware on the victim's computer or steal personal information.

The SolarWinds Hack: In December 2020, it was discovered that a state-sponsored hacking group had compromised the systems of SolarWinds, a company that provides IT management software to a large number of US government agencies and businesses. The hackers used a phishing email to gain initial access to the company's systems, and then used that access to spread malware to thousands of other organizations. The attack resulted in the theft of sensitive information and caused significant disruption to affected organizations.

In summary, these are just a few examples of the many phishing attacks that have occurred in recent years. It's important to note that phishing attacks are becoming increasingly sophisticated, and attackers are constantly finding new ways to trick individuals and organizations into providing sensitive information. To protect against phishing attacks, it's important to be cautious when clicking on links in emails or text messages, and to be skeptical of unsolicited requests for personal or financial information. Additionally, organizations should implement robust security measures such as multi-factor authentication and employee training programs to help prevent phishing attacks.