From AOHell to Sony: World’s 10 Most Notorious Phishing Attacks

January 7, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Imagine a scene from Ocean’s Eleven, but instead of suave con artists cracking casino vaults, you’ve got cybercriminals crafting deceptive emails, malware, and fake login pages to siphon off millions. This digital heist has its roots in the 1990s, with phishing evolving into one of the most sinister tools in a hacker’s arsenal.

Let’s journey through some of history’s most infamous phishing scams, each more audacious than the last.

1. AOHell – The First Recorded Scam (1994)
AOHell 63 Sats Cybersecurity India

A teenager in Pennsylvania created AOHell to exploit AOL accounts, stealing passwords and generating fake credit card accounts. Users unwittingly verified their credentials, marking the dawn of phishing.

2. Nordea Bank’s Keylogging Disaster (2007)

Dubbed “the biggest online bank heist,” phishing emails tricked Nordea customers into installing a Trojan disguised as anti-spam software. This led to a loss of over 7 million kronor.

3. Operation Phish Phry (2009)

The FBI cracked down on a phishing ring that stole $1.5 million via bank fraud. This bust highlighted the evolving sophistication of phishing networks.

4. RSA Security Breach (2011)

A spear phishing attack targeted mid-level employees at RSA, exploiting a Flash vulnerability. This gave attackers backdoor access, compromising the U.S. defense supplier’s systems.

5. Facebook & Google Duped (2013-2015)

Cybercriminals posed as Quanta, a Taiwanese vendor, sending fake invoices that led Facebook and Google to lose $100 million. Legal proceedings later recovered $49.7 million.

6. Dyre Malware Campaign (2014)

Phishers posing as tax consultants distributed Dyre malware, targeting financial institutions globally. They even called victims via Skype, impersonating law enforcement to finalize fraudulent transfers.

7. Sony Pictures Leak (2014)
sony hack 63 Sats Cybersecurity India

Using fake Apple ID verification emails, hackers accessed Sony’s network, stealing over 100 terabytes of data and causing losses exceeding $100 million.

8. Ubiquiti Networks’ 17-Day Ordeal (2015)

Ubiquiti’s Chief Accounting Officer received fake instructions from the CEO and a lawyer, resulting in $46.7 million being transferred to foreign accounts over 17 days.

9. Crelan Bank Heist (2016)

Belgium’s Crelan Bank fell victim to a BEC scam, losing $75.8 million. This attack emphasized how trust can be manipulated in the digital age.

10. FACC’s $61 Million Loss (2016)

Phishers impersonated FACC’s CEO, tricking the accounting department into transferring $61 million. This showcased the risks of social engineering even in secure organizations.

From AOHell’s teenage mischief to Sony’s catastrophic data breach, these phishing attacks reveal one undeniable truth: vigilance is key in the fight against cybercrime.

Just like in any heist movie, the best defense lies in staying one step ahead of the hackers.