Jump to content

List of phishing incidents

From Wikipedia, the free encyclopedia

The list of phishing incidents covers important or noteworthy events in the history of phishing.

1980s

[edit]
  • 1984
    • An early phishing incident was documented at the New Jersey Institute of Technology (NJIT). In an article titled "Life in a Wired Society" in Omni magazine, Murray Turoff challenged a 'sandy-haired whiz kid', Bob Michie, to find a vulnerability in NJIT's EIES computer system. The resulting discovery was part of a sanctioned operation and could be considered one of the earliest documented successful phishing attempts.[1]
  • 1987
    • A phishing technique was described in detail in a paper and presentation delivered to the 1987 International HP Users Group, Interex.[2]

1990s

[edit]

The term "phishing" is said to have been coined by the well known spammer and hacker in the mid-90s, Khan C. Smith.[3] The first recorded mention of the term is found in the hacking tool AOHell (according to its creator), which included a function for attempting to steal the passwords or financial details of America Online users.[4][5]

  • 1995
    • Phishing on AOL was a technique used by the warez community, who traded in unlicensed software, and black hat hackers to steal credit card information and commit other online crimes. AOL would suspend the accounts of individuals caught using certain keywords in chat rooms related to counterfeiting software or stolen accounts. The term "phishing" originated from the use of the <>< symbol in chat transcripts as a way to disguise references to illegal activity and evade detection by AOL staff. The symbol resembled a fish, and, combined with the popularity of phreaking, led to the term "phishing." AOHell, a program released in 1995, allowed hackers to impersonate AOL staff and send instant messages to victims asking them to reveal their passwords[6] by claiming to need to "verify your account" or "confirm billing information".[citation needed] AOHell was a custom-written program used for phishing and warezing on AOL. In an effort to combat phishing, AOL added a warning to all instant messages stating that they would never ask for passwords or billing information. However, users with both AOL and non-AOL internet accounts (such as those from an ISP) could still phish AOL members without consequences.[7] In 1995, AOL implemented measures to prevent the use of fake credit card numbers to open accounts, leading to an increase in phishing for legitimate accounts.[8] AOL deactivated accounts involved in phishing, and eventually the warez scene on AOL was shut down, causing most phishers to leave the service.[9]

2000s

[edit]
  • 2001
  • 2003
    • The first known phishing attack against a retail bank was reported by The Banker in September 2003.[11]
  • 2004
    • It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims.[12]
    • Phishing is recognized as a fully organized part of the black market. Specializations emerged on a global scale that provided phishing software for payment (thereby outsourcing risk), which were assembled and implemented into phishing campaigns by organized gangs.[13][14]
  • 2005
    • In the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled to £23.2m in 2005, from £12.2m in 2004,[15] while 1 in 20 computer users claimed to have lost out to phishing in 2005.[16]
  • 2006
    • Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.[17]
    • Banks dispute with customers over phishing losses. The stance adopted by the UK banking body APACS is that "customers must also take sensible precautions ... so that they are not vulnerable to the criminal."[18] Similarly, when the first spate of phishing attacks hit the Irish Republic's banking sector in September 2006, the Bank of Ireland initially refused to cover losses suffered by its customers,[19] although losses to the tune of €113,000 were made good.[20]
    • Phishers are targeting the customers of banks and online payment services. Emails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers.[21] While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus emails accordingly.[22]
    • Social networking sites are a prime target of phishing, since the personal details in such sites can be used in identity theft;[23] in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details.[24]
  • 2007
    • 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007.[25] Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at US$60 million.[26]
    • Attackers who broke into TD Ameritrade's database and took 6.3 million email addresses (though they were not able to obtain social security numbers, account numbers, names, addresses, dates of birth, phone numbers and trading activity) also wanted the account usernames and passwords, so they launched a follow-up spear phishing attack.[27]
  • 2008
    • The RapidShare file sharing site has been targeted by phishing to obtain a premium account, which removes speed caps on downloads, auto-removal of uploads, waits on downloads, and cool down times between uploads.[28]
    • Cryptocurrencies such as Bitcoin facilitate the sale of malicious software, making transactions secure and anonymous.[citation needed]
  • 2009
    • In January 2009, a phishing attack resulted in unauthorized wire transfers of US$1.9 million through Experi-Metal's online banking accounts.
    • In the third quarter of 2009, the Anti-Phishing Working Group reported receiving 115,370 phishing email reports from consumers with US and China hosting more than 25% of the phishing pages each.[29]

2010s

[edit]
Unique phishing reports by year [30]
Year Campaigns
2005
173,063
2006
268,126
2007
327,814
2008
335,965
2009
412,392
2010
313,517
2011
284,445
2012
320,081
2013
491,399
2014
704,178
2015
1,413,978
  • 2011
    • In March 2011, Internal RSA staff were successfully phished,[31] leading to the master keys for all RSA SecurID security tokens being stolen, then subsequently used to break into US defense suppliers.[32]
    • Chinese phishing campaigns targeted Gmail accounts of highly ranked officials of the United States and South Korean governments and militaries, as well as Chinese political activists.[33][34]
  • 2012
    • According to Ghosh, there were "445,004 attacks in 2012 as compared to 258,461 in 2011 and 187,203 in 2010".
  • 2013
    • In August 2013, advertising service Outbrain suffered a spear-phishing attack and SEA placed redirects into the websites of The Washington Post, Time, and CNN.[35]
    • In October 2013, emails purporting to be from American Express were sent to an unknown number of recipients.[36]
    • In November 2013, 110 million customer and credit card records were stolen from Target customers, through a phished subcontractor account.[37] CEO and IT security staff subsequently fired.[38]
    • By December 2013, Cryptolocker ransomware had infected 250,000 computers. According to Dell SecureWorks, 0.4% or more of those infected likely agreed to the ransom demand.[39]
  • 2014
    • In January 2014, the Seculert Research Lab identified a new targeted attack that used Xtreme RAT. This attack used spear phishing emails to target Israeli organizations and deploy the piece of advanced malware. Fifteen machines were compromised including ones belonging to the Civil Administration of Judea and Samaria.[40][41][42][43][44][45][46]
    • In August 2014, the iCloud leaks of celebrity photos was found to be based on phishing e-mails sent to the victims that looked like they came from Apple or Google, warning the victims that their accounts might be compromised and asking for their account details.[47]
    • In November 2014, phishing attacks on ICANN gained administrative access to the Centralized Zone Data System; also gained was data about users in the system – and access to ICANN's public Governmental Advisory Committee wiki, blog, and whois information portal.[48]
  • 2015
  • 2016
  • In February, Austrian aerospace firm FACC AG was defrauded of 42 million euros ($47 million) through a BEC attack – and subsequently fired both the CFO and CEO.[57]
  • 2017
    • In 2017, 76% of organizations experienced phishing attacks. Nearly half of information security professionals surveyed said that the rate of attacks increased from 2016.
    • In the first half of 2017 businesses and residents of Qatar were hit with more than 93,570 phishing events in a three-month span.[71]
    • A phishing email to Google and Facebook users successfully induced employees into wiring money – to the extent of US$100 million – to overseas bank accounts under the control of a hacker. He has since been arrested by the US Department of Justice.[72]
    • In August 2017, customers of Amazon faced the Amazon Prime Day phishing attack, when hackers sent out seemingly legitimate deals to customers of Amazon. When Amazon's customers attempted to make purchases using the "deals", the transaction would not be completed, prompting the retailer's customers to input data that could be compromised and stolen.[73]
  • 2018
    • In 2018, the company block.one, which developed the EOS.IO blockchain, was attacked by a phishing group who sent phishing emails to all customers, aimed at intercepting the user's cryptocurrency wallet key; and a later attack targeted airdrop tokens.[74]
  • 2019
    • Between May 30, 2019, and October 6, 2019, an unauthorized individual gained access to employee email accounts at Golden Entertainment, a Las Vegas, Nevada slot machine operator using an email phishing attack.[75] The attacker had access to one particular email with an attachment containing the Social Security Numbers, Passport numbers, government IDs, and various personal data of multiple company employees and vendors. It is unclear whether this information was exposed.[76] The company notified all affected individuals as a precaution, offering them complimentary Credit report monitoring. Subsequently, a class action lawsuit against the company was approved in the United States District Court for the District of Nevada on December 17, 2020.[77]
    • From 2015 to 2019, Unatrac Holding Ltd. was subjected to an ongoing spear phishing attack, costing about US$11 million. Obinwanne Okeke and conspirators first acquired the company CFO's email credentials. Then, they sent fake invoices and wire transfer requests to the company's financial department.[78] Okeke perpetrated cyberfraud against many other businesses and individuals, successfully capturing email and other sensitive login credentials. On February 16, 2021, he was sentenced to 10 years in prison.[79]

2020s

[edit]
  • 2020
    • On July 15, 2020, Twitter suffered a breach that combined elements of social engineering and phishing. A 17-year-old hacker and accomplices set up a fake website resembling Twitter's internal VPN provider used by remote working employees. Individuals posing as helpdesk staff called multiple Twitter employees, directing them to submit their credentials to the fake VPN website.[80] Using the details supplied by the unknowing employees, they were then able to seize control of several high-profile user accounts, including Barack Obama, Elon Musk, Joe Biden and Apple Inc.'s company account. The hackers sent messages to Twitter followers soliciting Bitcoin promising double the transaction value in return, collecting 12.86 BTC (about $117,000 at the time).[81]

Overview

[edit]
Total number of unique phishing reports (campaigns) received, according to APWG[30]
Year Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Total
2005 12,845 13,468 12,883 14,411 14,987 15,050 14,135 13,776 13,562 15,820 16,882 15,244 173,063
2006 17,877 17,163 18,480 17,490 20,109 28,571 23,670 26,150 22,136 26,877 25,816 23,787 268,126
2007 29,930 23,610 24,853 23,656 23,415 28,888 23,917 25,624 38,514 31,650 28,074 25,683 327,814
2008 29,284 30,716 25,630 24,924 23,762 28,151 24,007 33,928 33,261 34,758 24,357 23,187 335,965
2009 34,588 31,298 30,125 35,287 37,165 35,918 34,683 40,621 40,066 33,254 30,490 28,897 412,392
2010 29,499 26,909 30,577 24,664 26,781 33,617 26,353 25,273 22,188 23,619 23,017 21,020 313,517
2011 23,535 25,018 26,402 20,908 22,195 22,273 24,129 23,327 18,388 19,606 25,685 32,979 284,445
2012 25,444 30,237 29,762 25,850 33,464 24,811 30,955 21,751 21,684 23,365 24,563 28,195 320,081
2013 28,850 25,385 19,892 20,086 18,297 38,100 61,453 61,792 56,767 55,241 53,047 52,489 491,399
2014 53,984 56,883 60,925 57,733 60,809 53,259 55,282 54,390 53,661 68,270 66,217 62,765 704,178
2015 49,608 55,795 115,808 142,099 149,616 125,757 142,155 146,439 106,421 194,499 105,233 80,548 1,413,978
2016 99,384 229,315 229,265 121,028 96,490 98,006 93,160 66,166 69,925 51,153 64,324 95,555 1,313,771
2017 96,148 100,932 121,860 87,453 93,285 92,657 99,024 99,172 98,012 61,322 86,547 85,744 1,122,156
2018 89,250 89,010 84,444 91,054 82,547 90,882 93,078 89,323 88,156 87,619 64,905 87,386 1,040,654
2019 34,630 35,364 42,399 37,054 40,177 34,932 35,530 40,457 42,273 45,057 42,424 45,072 475,369

"APWG Phishing Attack Trends Reports". Retrieved May 5, 2019.

See also

[edit]

References

[edit]
  1. ^ Garr, Doug (March 1984). "Life in a Wired Society". Omni. 6: 56.
  2. ^ Felix, Jerry & Hauck, Chris (September 1987). "System Security: A Hacker's Perspective". 1987 Interex Proceedings. 8: 6.
  3. ^ "EarthLink wins $25 million lawsuit against junk e-mailer". Archived from the original on March 22, 2019. Retrieved April 11, 2014.
  4. ^ Langberg, Mike (September 8, 1995). "AOL Acts to Thwart Hackers". San Jose Mercury News. Archived from the original on April 29, 2016. Retrieved March 14, 2012.
  5. ^ Rekouche, Koceilah (2011). "Early Phishing". arXiv:1106.4692 [cs.CR].
  6. ^ Stutz, Michael (January 29, 1998). "AOL: A Cracker's Momma!". Wired News. Archived from the original on December 14, 2005.
  7. ^ "Phishing | History of Phishing". phishing.org. Archived from the original on September 9, 2018. Retrieved September 13, 2019.
  8. ^ "Phishing". Word Spy. Archived from the original on October 15, 2014. Retrieved September 28, 2006.
  9. ^ "History of AOL Warez". Archived from the original on April 6, 2011. Retrieved September 28, 2006.
  10. ^ "GP4.3 – Growth and Fraud — Case #3 – Phishing". Financial Cryptography. December 30, 2005. Archived from the original on January 22, 2019. Retrieved February 23, 2007.
  11. ^ Sangani, Kris (September 2003). "The Battle Against Identity Theft". The Banker. 70 (9): 53–54.
  12. ^ Kerstein, Paul (July 19, 2005). "How Can We Stop Phishing and Pharming Scams?". CSO. Archived from the original on March 24, 2008.
  13. ^ "In 2005, Organized Crime Will Back Phishers". IT Management. December 23, 2004. Archived from the original on December 31, 2010.
  14. ^ Abad, Christopher (September 2005). "The economy of phishing: A survey of the operations of the phishing market". First Monday. Archived from the original on November 21, 2011. Retrieved October 8, 2010.
  15. ^ "UK phishing fraud losses double". Finextra. March 7, 2006. Archived from the original on January 19, 2009. Retrieved May 20, 2006.
  16. ^ Richardson, Tim (May 3, 2005). "Brits fall prey to phishing". The Register. Archived from the original on June 10, 2019. Retrieved August 10, 2017.
  17. ^ Krebs, Brian (October 13, 2007). "Shadowy Russian Firm Seen as Conduit for Cybercrime". The Washington Post. Archived from the original on June 11, 2019. Retrieved September 8, 2017.
  18. ^ Miller, Rich (September 13, 2006). "Bank, Customers Spar Over Phishing Losses". Netcraft. Retrieved December 14, 2006.
  19. ^ "Latest News". Archived from the original on October 7, 2008.
  20. ^ "Bank of Ireland agrees to phishing refunds". vnunet.com. Archived from the original on October 28, 2008.
  21. ^ "Suspicious e-Mails and Identity Theft". Internal Revenue Service. Archived from the original on February 21, 2011. Retrieved July 5, 2006.
  22. ^ "Phishing for Clues". Indiana University Bloomington. September 15, 2005. Archived from the original on July 31, 2009. Retrieved September 15, 2005.
  23. ^ Kirk, Jeremy (June 2, 2006). "Phishing Scam Takes Aim at MySpace.com". IDG Network. Archived from the original on June 16, 2006.
  24. ^ "Malicious Website / Malicious Code: MySpace XSS QuickTime Worm". Websense Security Labs. Archived from the original on December 5, 2006. Retrieved December 5, 2006.
  25. ^ McCall, Tom (December 17, 2007). "Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks". Gartner. Archived from the original on November 18, 2012. Retrieved December 20, 2007.
  26. ^ "A Profitless Endeavor: Phishing as Tragedy of the Commons" (PDF). Microsoft. Retrieved November 15, 2008.
  27. ^ "Torrent of spam likely to hit 6.3 million TD Ameritrade hack victims". Archived from the original on August 21, 2008.
  28. ^ "1-Click Hosting at RapidTec — Warning of Phishing!". Archived from the original on April 30, 2008. Retrieved December 21, 2008.
  29. ^ APWG. "Phishing Activity Trends Report" (PDF). Archived from the original (PDF) on October 3, 2012. Retrieved November 4, 2013.
  30. ^ a b "APWG Phishing Attack Trends Reports". Archived from the original on March 21, 2021. Retrieved October 20, 2018.
  31. ^ "Anatomy of an RSA attack". RSA.com. RSA FraudAction Research Labs. Archived from the original on October 6, 2014. Retrieved September 15, 2014.
  32. ^ Drew, Christopher; Markoff, John (May 27, 2011). "Data Breach at Security Firm Linked to Attack on Lockheed". The New York Times. Archived from the original on July 9, 2019. Retrieved September 15, 2014.
  33. ^ Keizer, Greg (August 13, 2011). "Suspected Chinese spear-phishing attacks continue to hit Gmail users". Computerworld. Archived from the original on March 21, 2021. Retrieved December 4, 2011.
  34. ^ Ewing, Philip (August 22, 2011). "Report: Chinese TV doc reveals cyber-mischief". Dod Buzz. Archived from the original on January 26, 2017. Retrieved December 4, 2011.
  35. ^ "Syrian hackers Use Outbrain to Target The Washington Post, Time, and CNN" Archived October 19, 2013, at the Wayback Machine, Philip Bump, The Atlantic Wire, August 15, 2013. Retrieved August 15, 2013.
  36. ^ Paul, Andrew. "Phishing Emails: The Unacceptable Failures of American Express". Email Answers. Archived from the original on October 9, 2013. Retrieved October 9, 2013.
  37. ^ O'Connell, Liz. "Report: Email phishing scam led to Target breach". Bring Me the News. Archived from the original on September 15, 2014. Retrieved September 15, 2014.
  38. ^ Ausick, Paul. "Target CEO Sack". Archived from the original on September 15, 2014. Retrieved September 15, 2014.
  39. ^ Kelion, Leo (December 24, 2013). "Cryptolocker ransomware has 'infected about 250,000 PCs'". BBC. Archived from the original on March 22, 2019. Retrieved December 24, 2013.
  40. ^ "Israeli defence computer hacked via tainted email -cyber firm". Reuters. January 26, 2014. Archived from the original on September 24, 2015. Retrieved July 1, 2017.
  41. ^ לוי, רויטרס ואליאור (January 27, 2014). "האקרים השתלטו על מחשבים ביטחוניים". Ynet. Archived from the original on March 21, 2021. Retrieved November 29, 2016.
  42. ^ "Hackers break into Israeli defence computers, says security company". The Guardian. Archived from the original on February 9, 2014.
  43. ^ "Israel defence computers hit by hack attack". BBC News. January 27, 2014. Archived from the original on March 22, 2019. Retrieved June 22, 2018.
  44. ^ "Israeli Defense Computer Hit in Cyber Attack: Data Expert | SecurityWeek.Com". securityweek.com. January 27, 2014. Archived from the original on March 22, 2019. Retrieved September 13, 2019.
  45. ^ "Israel to Ease Cyber-Security Export Curbs, Premier Says". Bloomberg. Archived from the original on March 4, 2014. Retrieved March 11, 2017.
  46. ^ Halpern, Micah D. "Cyber Break-in @ IDF". HuffPost. Archived from the original on March 21, 2021. Retrieved February 20, 2020.
  47. ^ Prosecutors find that ‘Fappening’ celebrity nudes leak was not Apple’s fault Archived August 18, 2017, at the Wayback Machine March 15, 2016, Techcrunch
  48. ^ "ICANN Targeted in Spear Phishing Attack | Enhanced Security Measures Implemented". icann.org. Archived from the original on August 7, 2019. Retrieved December 18, 2014.
  49. ^ "Eccleston Indictment". November 1, 2013. Archived from the original on January 26, 2017. Retrieved November 22, 2020.
  50. ^ "Former U.S. Nuclear Regulatory Commission Employee Pleads Guilty to Attempted Spear-Phishing Cyber-Attack on Department of Energy Computers". February 2, 2016. Archived from the original on August 8, 2019. Retrieved November 22, 2020.
  51. ^ Nakashima, Ellen (September 28, 2016). "Russian hackers harassed journalists who were investigating Malaysia Airlines plane crash". The Washington Post. Archived from the original on April 23, 2019. Retrieved October 26, 2016.
  52. ^ ThreatConnect (September 28, 2016). "ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation". ThreatConnect. Retrieved October 26, 2016.
  53. ^ Kube, Courtney (August 7, 2015). "Russia hacks Pentagon computers: NBC, citing sources". Archived from the original on August 8, 2019. Retrieved August 7, 2015.
  54. ^ Starr, Barbara (August 7, 2015). "Official: Russia suspected in Joint Chiefs email server intrusion". Archived from the original on August 8, 2019. Retrieved August 7, 2015.
  55. ^ Doctorow, Cory (August 28, 2015). "Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House". Boing Boing. Archived from the original on March 22, 2019. Retrieved November 29, 2016.
  56. ^ Quintin, Cooper (August 27, 2015). "New Spear Phishing Campaign Pretends to be EFF". EFF. Archived from the original on August 7, 2019. Retrieved November 29, 2016.
  57. ^ "Austria's FACC, hit by cyber fraud, fires CEO". Reuters. May 26, 2016. Archived from the original on March 21, 2021. Retrieved December 20, 2018.
  58. ^ Sanger, David E.; Corasaniti, Nick (June 14, 2016). "D.N.C. Says Russian Hackers Penetrated Its Files, Including Dossier on Donald Trump". The New York Times. Archived from the original on July 25, 2019. Retrieved October 26, 2016.
  59. ^ Economist, Staff of (September 24, 2016). "Bear on bear". Economist. Archived from the original on May 20, 2017. Retrieved October 25, 2016.
  60. ^ "KU employees fall victim to phishing scam, lose paychecks". Archived from the original on March 22, 2019. Retrieved October 6, 2016.
  61. ^ "Hackers lurking, parliamentarians told". Deutsche Welle. Retrieved September 21, 2016.
  62. ^ Pinkert, Georg Heil; Berlin, Nicolas Richter (September 20, 2016). "Hackerangriff auf deutsche Parteien". Süddeutsche Zeitung. Retrieved September 21, 2016.
  63. ^ Holland, Martin (September 20, 2016). "Angeblich versuchter Hackerangriff auf Bundestag und Parteien". Heise. Archived from the original on April 1, 2019. Retrieved September 21, 2016.
  64. ^ Hemicker, Lorenz; Alto, Palo. "Wir haben Fingerabdrücke". Frankfurter Allgemeine Zeitung. Frankfurter Allgemeine. Archived from the original on March 22, 2019. Retrieved September 21, 2016.
  65. ^ Hyacinth Mascarenhas (August 23, 2016). "Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say". International Business Times. Retrieved September 13, 2016.
  66. ^ "What we know about Fancy Bears hack team". BBC News. September 15, 2016. Archived from the original on March 22, 2019. Retrieved September 17, 2016.
  67. ^ Gallagher, Sean (October 6, 2016). "Researchers find fake data in Olympic anti-doping, Guccifer 2.0 Clinton dumps". Ars Technica. Archived from the original on July 14, 2017. Retrieved October 26, 2016.
  68. ^ "Russian Hackers Launch Targeted Cyberattacks Hours After Trump's Win". November 10, 2016. Archived from the original on January 27, 2017. Retrieved November 28, 2016.
  69. ^ European Parliament Committee on Foreign Affairs (November 23, 2016), "MEPs sound alarm on anti-EU propaganda from Russia and Islamist terrorist groups" (PDF), European Parliament, archived (PDF) from the original on August 8, 2019, retrieved November 26, 2016
  70. ^ Lewis Sanders IV (October 11, 2016), 'Divide Europe': European lawmakers warn of Russian propaganda, Deutsche Welle, archived from the original on March 25, 2019, retrieved November 24, 2016
  71. ^ "Qatar faced 93,570 phishing attacks in first quarter of 2017". Gulf Times (in Arabic). May 12, 2017. Archived from the original on August 4, 2018. Retrieved January 28, 2018.
  72. ^ "Facebook and Google Were Victims of $100M Payment Scam". Fortune. Archived from the original on August 8, 2019. Retrieved January 28, 2018.
  73. ^ "Amazon Prime Day phishing scam spreading now!". The Kim Komando Show. Archived from the original on May 27, 2019. Retrieved January 28, 2018.
  74. ^ "Cryptocurrency Hackers Are Stealing from EOS's $4 Billion ICO Using This Sneaky Scam". Jen Wieczner. Archived from the original on March 21, 2021. Retrieved May 31, 2018.
  75. ^ "Golden Entertainment phishing attack exposes gamblers' data". verdict.co.uk. February 3, 2020. Retrieved March 23, 2022.
  76. ^ "How Phishing Impacts the Online Gambling Industry". sportsbetting3.com. November 9, 2021. Retrieved March 23, 2022.
  77. ^ "Miranda et al v. Golden Entertainment (NV), Inc" (PDF). justia.com. Retrieved March 23, 2022.
  78. ^ "Nigerian Man Sentenced 10 Years for $11 million Phishing Scam". cyberscoop.com. February 17, 2021. Retrieved March 23, 2022.
  79. ^ "Nigerian National Sentenced to Prison for $11 Million Global Fraud Scheme". justice.gov. February 16, 2021. Retrieved March 23, 2022.
  80. ^ "Twitter Investigation Report – Department of Financial Services". www.dfs.ny.gov. October 14, 2020. Retrieved October 11, 2020.
  81. ^ "Three Individuals Charged For Alleged Roles In Twitter Hack". justice.gov. Retrieved March 23, 2022.