Top 7 Phishing Scams of 2013

In 2013, global volumes of phishing emails* dropped significantly compared with 2012. This is great news: users have become more savvy to the signs of mass phishing. Also, adoption of email authentication standards DKIM, SPF, and DMARC have begun to hamper spammers’ ability to pose as trusted brands.

The bad news is: even though mass phishing is down, spear phishing is not only on the rise, but is becoming more sophisticated. The APWG (Anti-Phishing Working Group) found that the number of brands targeted by spear phishing has risen.

While mass phishing uses spam email campaigns to lure as many people as possible into this digital trap, spear phishing focuses efforts on an individual or small group of people.

To target an individual, cybercriminals gather information about the person through social media or other public outlets and use that information to create personalized lures. Often, spear phishing targets people with access to highly secure data — such as government officials, tech leaders, or journalists.

In 2013, organized forces around the world executed highly sophisticated phishing scams to target a variety of organizations and leaders. Below, we have detailed the top 7 phishing scams from 2013:

  1. In August 2013, a few days before Iran’s national election to choose a successor to President Mahmoud Ahmadinejad, thousands of Gmail account users in Iran were targeted in phishing attack intended to influence the election.
  2. In April, an AP journalist journalist clicked on a spear phishing email disguised as a Twitter email. The phisher then hacked AP’s Twitter account. Stock markets plunged after a phony tweet about an explosion at the White House, erasing $136.5 billion of value from the S&P 500 index.
  3. In January 2013, a well-organized, sophisticated computer spy operation dubbed Red October was found to (still) be targeting high profile diplomats, governments and nuclear and energy research companies. The Red October operation used phishing emails purporting to be from companies’ HR departments. The attacked covered 69 countries.
  4. In March, a cyberattack wiped the hard drives of computers in banks and broadcasting companies in South Korea. The attack came from phishing emails mimicking a South Korean bank.
  5. Using spear phishing emails, a large and complex hacker group in China was said to have hacked more than 100 companies in the U.S. The hacker group is said to have stolen proprietary manufacturing processes, business plans, communications data, and much more.
  6. In December, 2013, a man was arrested for his part in a phishing scam targeting UK college students. The scam sent emails inviting students to update their student loan details on a malicious site that took large amounts of money from their accounts.
  7. Last but not least, in October, a cunning phishing scam warned against phishing scams!

Though these scams list only a fraction of those perpetrated, worldwide, they show the breadth of  organizations and people targeted, the diversity of reasons for targeting individuals and companies, and the sophistication of the criminals.

In short, they show the even more urgent need for every organization to employ strong email security in 2014.

Be safe out there, email users! Protect yourself.

*Phishing email is email sent from a cybercriminal to lure someone to take an action that downloads software onto their machine. This software has been written to perform a malicious action, such as stealing account information or other valuable data.

minute read

Popular stories

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time