Famous Phishing Incidents from History

While phishing attempts are becoming more and more clever, it certainly isn't a new cybercrime. Events like the hypothetical one above have occurred with disturbing regularity throughout the years, victimizing both individuals and entire corporations. Here are some famous phishing attacks from history:

AOHell, the First Recorded Example

Back in early 1994, a malicious program called AOHell was developed by a Pennsylvania teenager and was intended to crack America Online (AOL) accounts.

Among other things, the program ran on top of the AOL client, stealing user's passwords and using the program's credit card generator to create fake accounts, which they would then use to impersonate AOL customer service. Regular users were asked to verify their accounts for security purposes, making this arguably the earliest form of phishing.

The Nordea Bank Incident

In 2007, Swedish bank Nordea lost over 7 million kronor when phishers managed to send fraudulent emails out to bank customers, luring them to install the "haxdoor" Trojan disguised as anti-spam software.

Dubbed the "biggest ever online bank heist" by digital security company McAfee, Nordea customers were hit with phishing emails containing Trojan viruses that installed a keylogger into the victims' computers and directed them to a fake bank website where hackers intercepted login credentials.

While the exact blame can't be reliably placed, it is worth noting that most customers failed to have a running antivirus installed on their machines.

Operation Phish Phry

2009 saw one of the FBI's biggest cybersecurity busts ever after $1.5 million was stolen via bank frauds by various cyber thieves located in the United States and Egypt.

Former Director Robert Mueller noted that phishing attempts were a new part of the digital arms race, with cyber criminals always working to stay ahead of law enforcement by taking advantage of new developments in technology. He established the National Cyber Investigative Joint Task Force specifically designed for these kinds of attacks.


In 2011, the United States' defense suppliers were breached when security firm RSA fell victim to spear phishing due to an Adobe Flash vulnerability.

Disguised as recruitment plans for that year, the email targeted mid-level employees with just one line of text: "I forward this file to you for review. Please open and view it.". Only one employee had to open the email for phishers to gain backdoor access on the victim's desktop. The phishers then managed to bypass the company's SecurID two-factor authentication to steal company data.

Dyre Phishing Scam

In late 2014, malware produced by Russian hacker group Dyre resulted in the loss of millions of dollars. The phishers posed as tax consultants and convinced thousands of victims to download malicious executable files.

Dyre's long list of victims included paint and materials company Sherwin-Williams, engine parts manufacturer Miba, airliners RyanAir, and several other companies throughout the U.S., the UK, and Australia.

When the victim failed to enter their credentials into the fake phishing site, the hackers called the victim through Skype pretending to be law enforcement officers and bank employees to encourage the transfer. While the final arrests were made in late 2015, the legacy of the cyberattack lives on. A new phishing malware named TrickBot was created shortly after, using the same elements from Dyre to target similar financial institutions.

The Sony Pictures Leak

2014 also saw a huge data leak from Sony. Over 100 Terabytes containing confidential company activities were breached, resulting in well over $100 million lost. The phishers pretended to be colleagues of the top-level employees who opened the malicious attachments in the phishing emails.

Specifically, a fake Apple ID verification email was used in the attack. Through a combination of LinkedIn data and Apple ID logins, the phishers managed to find passwords that matched the ones used for the Sony network - a great example of why using different passwords for different online accounts is so important.

Facebook & Google

This is a huge one. Two of the world's largest tech giants, Facebook and Google, lost $100 million in this single email scam from Lithuania. While an arrest was made, the story shows that even the most advanced tech entities are susceptible to phishing attacks.

2018 World Cup

The Federal Trade Commission released this statement regarding phishing attempts during the 2018 World Cup in Russia. The scam claimed the victim won tickets to the World Cup through a lottery and prompted them to enter their personal information to claim the prize.

At the same time, a handful of rental scams were reported as well. Cybercriminals stole the email addresses of genuine landlords in Russia and offered ridiculously low prices for their properties during the sporting event. Once a "lucky buyer" accepted the offer, his or her credit card information was stolen.0