List of phishing incidents explained

The list of phishing incidents covers important or noteworthy events in the history of phishing.

1980s

• 1984
  • An early phishing incident was documented at the New Jersey Institute of Technology (NJIT). In an article titled "Life in a Wired Society" in Omni magazine, Murray Turoff challenged a 'sandy-haired whiz kid', Bob Michie, to find a vulnerability in NJIT's EIES computer system. The resulting discovery was part of a sanctioned operation and could be considered one of the earliest documented successful phishing attempts.^[1]
• 1987
  • A phishing technique was described in detail in a paper and presentation delivered to the 1987 International HP Users Group, Interex.^[2]

1990s

The term "phishing" is said to have been coined by the well known spammer and hacker in the mid-90s, Khan C. Smith.^[3] The first recorded mention of the term is found in the hacking tool AOHell (according to its creator), which included a function for attempting to steal the passwords or financial details of America Online users.^{[4] [5]}

• 1995
  • Phishing on AOL was a technique used by the warez community, who traded in unlicensed software, and black hat hackers to steal credit card information and commit other online crimes. AOL would suspend the accounts of individuals caught using certain keywords in chat rooms related to counterfeiting software or stolen accounts. The term "phishing" originated from the use of the <>< symbol in chat transcripts as a way to disguise references to illegal activity and evade detection by AOL staff. The symbol resembled a fish, and, combined with the popularity of phreaking, led to the term "phishing." AOHell, a program released in 1995, allowed hackers to impersonate AOL staff and send instant messages to victims asking them to reveal their passwords^[6] by claiming to need to "verify your account" or "confirm billing information". AOHell was a custom-written program used for phishing and warezing on AOL. In an effort to combat phishing, AOL added a warning to all instant messages stating that they would never ask for passwords or billing information. However, users with both AOL and non-AOL internet accounts (such as those from an ISP) could still phish AOL members without consequences.^[7] In 1995, AOL implemented measures to prevent the use of fake credit card numbers to open accounts, leading to an increase in phishing for legitimate accounts.^[8] AOL deactivated accounts involved in phishing, and eventually the warez scene on AOL was shut down, causing most phishers to leave the service.^[9]

2000s

• 2001
  • The first known direct attempt against a payment system affected E-gold in June 2001, which was followed up by a "post-9/11 id check" shortly after the September 11 attacks on the World Trade Center.^[10]
• 2003
  • The first known phishing attack against a retail bank was reported by The Banker in September 2003.^[11]
• 2004
  • It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately . United States businesses lose an estimated per year as their clients become victims.^[12]
  • Phishing is recognized as a fully organized part of the black market. Specializations emerged on a global scale that provided phishing software for payment (thereby outsourcing risk), which were assembled and implemented into phishing campaigns by organized gangs.^{[13] [14]}
• 2005
  • In the United Kingdom losses from web banking fraud—mostly from phishing—almost doubled to in 2005, from in 2004,^[15] while 1 in 20 computer users claimed to have lost out to phishing in 2005.^[16]
• 2006
  • Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.^[17]
  • Banks dispute with customers over phishing losses. The stance adopted by the UK banking body APACS is that "customers must also take sensible precautions ... so that they are not vulnerable to the criminal."^[18] Similarly, when the first spate of phishing attacks hit the Irish Republic's banking sector in September 2006, the Bank of Ireland initially refused to cover losses suffered by its customers,^[19] although losses to the tune of €113,000 were made good.^[20]
  • Phishers are targeting the customers of banks and online payment services. Emails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers.^[21] While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus emails accordingly.^[22]
  • Social networking sites are a prime target of phishing, since the personal details in such sites can be used in identity theft;^[23] in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details.^[24]
• 2007
  • 3.6 million adults lost in the 12 months ending in August 2007.^[25] Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at .^[26]
  • Attackers who broke into TD Ameritrade's database and took 6.3 million email addresses (though they were not able to obtain social security numbers, account numbers, names, addresses, dates of birth, phone numbers and trading activity) also wanted the account usernames and passwords, so they launched a follow-up spear phishing attack.^[27]
• 2008
  • The RapidShare file sharing site has been targeted by phishing to obtain a premium account, which removes speed caps on downloads, auto-removal of uploads, waits on downloads, and cool down times between uploads.^[28]
  • Cryptocurrencies such as Bitcoin facilitate the sale of malicious software, making transactions secure and anonymous.
• 2009
  • In January 2009, a phishing attack resulted in unauthorized wire transfers of US$1.9 million through Experi-Metal's online banking accounts.
  • In the third quarter of 2009, the Anti-Phishing Working Group reported receiving 115,370 phishing email reports from consumers with US and China hosting more than 25% of the phishing pages each.^[29]

2010s

• 2011
  • In March 2011, Internal RSA staff were successfully phished,^[30] leading to the master keys for all RSA SecurID security tokens being stolen, then subsequently used to break into US defense suppliers.^[31]
  • Chinese phishing campaigns targeted Gmail accounts of highly ranked officials of the United States and South Korean governments and militaries, as well as Chinese political activists.^{[32] [33]}
• 2012
  • According to Ghosh, there were "445,004 attacks in 2012 as compared to 258,461 in 2011 and 187,203 in 2010".
• 2013
  • In August 2013, advertising service Outbrain suffered a spear-phishing attack and SEA placed redirects into the websites of The Washington Post, Time, and CNN.^[34]
  • In October 2013, emails purporting to be from American Express were sent to an unknown number of recipients.^[35]
  • In November 2013, 110 million customer and credit card records were stolen from Target customers, through a phished subcontractor account.^[36] CEO and IT security staff subsequently fired.^[37]
  • By December 2013, Cryptolocker ransomware had infected 250,000 computers. According to Dell SecureWorks, 0.4% or more of those infected likely agreed to the ransom demand.^[38]
• 2014
  • In January 2014, the Seculert Research Lab identified a new targeted attack that used Xtreme RAT. This attack used spear phishing emails to target Israeli organizations and deploy the piece of advanced malware. Fifteen machines were compromised including ones belonging to the Civil Administration of Judea and Samaria.^{[39] [40] [41] [42] [43] [44] [45]}
  • In August 2014, the iCloud leaks of celebrity photos was found to be based on phishing e-mails sent to the victims that looked like they came from Apple or Google, warning the victims that their accounts might be compromised and asking for their account details.^[46]
  • In November 2014, phishing attacks on ICANN gained administrative access to the Centralized Zone Data System; also gained was data about users in the system – and access to ICANN's public Governmental Advisory Committee wiki, blog, and whois information portal.^[47]
• 2015
  • Charles H. Eccleston pleaded guilty^{[48] [49]} in an attempted spear-phishing when he attempted to infect computers of 80 Department of Energy employees.
  • Eliot Higgins and other journalists associated with Bellingcat, a group researching the shootdown of Malaysia Airlines Flight 17 over Ukraine, were targeted by numerous spear phishing emails.^{[50] [51]}
  • In August 2015, Cozy Bear was linked to a spear-phishing cyber-attack against the Pentagon email system causing the shut down of the entire Joint Staff unclassified email system and Internet access during the investigation.^{[52] [53]}
  • In August 2015, Fancy Bear used a zero-day exploit of Java, in a spear phishing attack spoofing the Electronic Frontier Foundation and launching attacks on the White House and NATO.^{[54] [55]}
• 2016
• In February, Austrian aerospace firm FACC AG was defrauded of 42 million euros ($47 million) through a BEC attack – and subsequently fired both the CFO and CEO.^[56]
  • Fancy Bear carried out spear phishing attacks on email addresses associated with the Democratic National Committee in the first quarter of 2016.^{[57] [58]}
  • The Wichita Eagle reported "KU employees fall victim to phishing scam, lose paychecks"^[59]
  • Fancy Bear is suspected to be behind a spear phishing attack in August 2016 on members of the Bundestag and multiple political parties such as Linken-faction leader Sahra Wagenknecht, Junge Union and the CDU of Saarland.^{[60] [61] [62] [63]}
  • In August 2016, the World Anti-Doping Agency reported the receipt of phishing emails sent to users of its database claiming to be official WADA, but consistent with the Russian hacking group Fancy Bear.^{[64] [65]} According to WADA, some of the data the hackers released had been forged.^[66]
  • Within hours of the 2016 U.S. election results, Russian hackers sent emails from spoofed Harvard University email addresses,^[67] using techniques similar to phishing to publish fake news targeted at ordinary American voters.
• 2017
  • In 2017, 76% of organizations experienced phishing attacks. Nearly half of information security professionals surveyed said that the rate of attacks increased from 2016.
  • In the first half of 2017 businesses and residents of Qatar were hit with more than 93,570 phishing events in a three-month span.^[68]
  • A phishing email to Google and Facebook users successfully induced employees into wiring money – to the extent of US$100 million – to overseas bank accounts under the control of a hacker. He has since been arrested by the US Department of Justice.^[69]
  • In August 2017, customers of Amazon faced the Amazon Prime Day phishing attack, when hackers sent out seemingly legitimate deals to customers of Amazon. When Amazon's customers attempted to make purchases using the "deals", the transaction would not be completed, prompting the retailer's customers to input data that could be compromised and stolen.^[70]
• 2018
  • In 2018, the company block.one, which developed the EOS.IO blockchain, was attacked by a phishing group who sent phishing emails to all customers, aimed at intercepting the user's cryptocurrency wallet key; and a later attack targeted airdrop tokens.^[71]
• 2019
  • Between May 30, 2019, and October 6, 2019, an unauthorized individual gained access to employee email accounts at Golden Entertainment, a Las Vegas, Nevada slot machine operator using an email phishing attack.^[72] The attacker had access to one particular email with an attachment containing the Social Security Numbers, Passport numbers, government IDs, and various personal data of multiple company employees and vendors. It is unclear whether this information was exposed.^[73] The company notified all affected individuals as a precaution, offering them complimentary Credit report monitoring. Subsequently, a class action lawsuit against the company was approved in the United States District Court for the District of Nevada on December 17, 2020.^[74]
  • From 2015 to 2019, Unatrac Holding Ltd. was subjected to an ongoing spear phishing attack, costing about US$11 million. Obinwanne Okeke and conspirators first acquired the company CFO's email credentials. Then, they sent fake invoices and wire transfer requests to the company's financial department.^[75] Okeke perpetrated cyberfraud against many other businesses and individuals, successfully capturing email and other sensitive login credentials. On February 16, 2021, he was sentenced to 10 years in prison.^[76]

2020s

• 2020
  • On July 15, 2020, Twitter suffered a breach that combined elements of social engineering and phishing. A 17-year-old hacker and accomplices set up a fake website resembling Twitter's internal VPN provider used by remote working employees. Individuals posing as helpdesk staff called multiple Twitter employees, directing them to submit their credentials to the fake VPN website.^[77] Using the details supplied by the unknowing employees, they were then able to seize control of several high-profile user accounts, including Barack Obama, Elon Musk, Joe Biden and Apple Inc.'s company account. The hackers sent messages to Twitter followers soliciting Bitcoin promising double the transaction value in return, collecting 12.86 BTC (about $117,000 at the time).^[78]

Overview

Year ! scope="row"

! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	! scope="row"	Total
2005	12,845	13,468	12,883	14,411	14,987	15,050	14,135	13,776	13,562	15,820	16,882	15,244	173,063
2006	17,877	17,163	18,480	17,490	20,109	28,571	23,670	26,150	22,136	26,877	25,816	23,787	268,126
2007	29,930	23,610	24,853	23,656	23,415	28,888	23,917	25,624	38,514	31,650	28,074	25,683	327,814
2008	29,284	30,716	25,630	24,924	23,762	28,151	24,007	33,928	33,261	34,758	24,357	23,187	335,965
2009	34,588	31,298	30,125	35,287	37,165	35,918	34,683	40,621	40,066	33,254	30,490	28,897	412,392
2010	29,499	26,909	30,577	24,664	26,781	33,617	26,353	25,273	22,188	23,619	23,017	21,020	313,517
2011	23,535	25,018	26,402	20,908	22,195	22,273	24,129	23,327	18,388	19,606	25,685	32,979	284,445
2012	25,444	30,237	29,762	25,850	33,464	24,811	30,955	21,751	21,684	23,365	24,563	28,195	320,081
2013	28,850	25,385	19,892	20,086	18,297	38,100	61,453	61,792	56,767	55,241	53,047	52,489	491,399
2014	53,984	56,883	60,925	57,733	60,809	53,259	55,282	54,390	53,661	68,270	66,217	62,765	704,178
2015	49,608	55,795	115,808	142,099	149,616	125,757	142,155	146,439	106,421	194,499	105,233	80,548	1,413,978
2016	99,384	229,315	229,265	121,028	96,490	98,006	93,160	66,166	69,925	51,153	64,324	95,555	1,313,771
2017	96,148	100,932	121,860	87,453	93,285	92,657	99,024	99,172	98,012	61,322	86,547	85,744	1,122,156
2018	89,250	89,010	84,444	91,054	82,547	90,882	93,078	89,323	88,156	87,619	64,905	87,386	1,040,654
2019	34,630	35,364	42,399	37,054	40,177	34,932	35,530	40,457	42,273	45,057	42,424	45,072	475,369

Web site: APWG Phishing Attack Trends Reports. May 5, 2019.

See also

• List of cyberattacks
• List of data breaches
• List of security hacking incidents

Notes and References

1. Garr . Doug . Life in a Wired Society . Omni . March 1984 . 6 . 56.
2. Felix, Jerry . Hauck, Chris . amp . System Security: A Hacker's Perspective . 1987 Interex Proceedings . September 1987 . 8 . 6.
3. News: EarthLink wins $25 million lawsuit against junk e-mailer . 2014-04-11 . 2019-03-22 . https://web.archive.org/web/20190322141415/https://www.bizjournals.com/atlanta/stories/2002/07/22/story4.html?page=all . live .
4. News: Mike . Langberg . AOL Acts to Thwart Hackers . September 8, 1995 . . March 14, 2012 . April 29, 2016 . https://web.archive.org/web/20160429161112/http://simson.net/clips/1995/95.SJMN.AOL_Hackers.html . live .
5. Rekouche . Koceilah . 1106.4692 . Early Phishing . 2011 . cs.CR.
6. News: AOL: A Cracker's Momma! . Stutz . Michael . January 29, 1998 . Wired News . dead . https://web.archive.org/web/20051214053144/http://wired-vig.wired.com/news/technology/0%2C1282%2C9932%2C00.html . December 14, 2005 .
7. Web site: Phishing | History of Phishing. phishing.org. 2019-09-13. 2018-09-09. https://web.archive.org/web/20180909125300/http://www.phishing.org/history-of-phishing. live.
8. Web site: Phishing . Word Spy . September 28, 2006 . October 15, 2014 . https://web.archive.org/web/20141015030058/http://www.wordspy.com/words/phishing.asp . live .
9. Web site: History of AOL Warez . September 28, 2006 . https://web.archive.org/web/20110406121144/http://www.rajuabju.com/warezirc/historyofaolwarez.htm . April 6, 2011 . dead .
10. Web site: GP4.3 – Growth and Fraud — Case #3 – Phishing . Financial Cryptography . December 30, 2005 . February 23, 2007 . January 22, 2019 . https://web.archive.org/web/20190122062718/http://financialcryptography.com/mt/archives/000609.html . live .
11. Sangani . Kris . The Battle Against Identity Theft . The Banker . September 2003 . 70 . 9 . 53–54.
12. News: How Can We Stop Phishing and Pharming Scams? . https://web.archive.org/web/20080324080028/http://www.csoonline.com/talkback/071905.html . March 24, 2008 . Kerstein . Paul . July 19, 2005 . CSO.
13. Web site: In 2005, Organized Crime Will Back Phishers . IT Management . December 23, 2004 . https://web.archive.org/web/20101231021522/http://itmanagement.earthweb.com/secu/article.php/3451501 . December 31, 2010 . dead .
14. Web site: The economy of phishing: A survey of the operations of the phishing market . Abad, Christopher . Christopher Abad . First Monday . September 2005 . 2010-10-08 . https://web.archive.org/web/20111121113128/http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/1272/1192 . 2011-11-21 . dead .
15. News: UK phishing fraud losses double . March 7, 2006 . Finextra . May 20, 2006 . January 19, 2009 . https://web.archive.org/web/20090119151413/http://www.finextra.com/fullstory.asp?id=15013 . live .
16. News: Brits fall prey to phishing . Richardson . Tim . May 3, 2005 . The Register . August 10, 2017 . June 10, 2019 . https://web.archive.org/web/20190610080015/https://www.theregister.co.uk/2005/05/03/aol_phishing/ . live .
17. News: Shadowy Russian Firm Seen as Conduit for Cybercrime. Brian. Krebs. The Washington Post. October 13, 2007. September 8, 2017. June 11, 2019. https://web.archive.org/web/20190611044618/http://www.washingtonpost.com/wp-dyn/content/story/2007/10/12/ST2007101202661.html?hpid=topnews. live.
18. Web site: Miller, Rich . Bank, Customers Spar Over Phishing Losses . Netcraft . September 13, 2006 . December 14, 2006.
19. Web site: Latest News . https://web.archive.org/web/20081007194413/http://applications.boi.com/updates/Article?PR_ID=1430 . October 7, 2008 . dead.
20. Web site: Bank of Ireland agrees to phishing refunds . vnunet.com . https://web.archive.org/web/20081028225500/http://www.vnunet.com/vnunet/news/2163714/bank-ireland-backtracks . October 28, 2008 . dead.
21. Web site: Suspicious e-Mails and Identity Theft . Internal Revenue Service . July 5, 2006 . https://web.archive.org/web/20110221081931/http://www.irs.gov/newsroom/article/0,,id=155682,00.html . February 21, 2011 . live .
22. News: Phishing for Clues . September 15, 2005 . Indiana University Bloomington . September 15, 2005 . https://web.archive.org/web/20090731125909/http://www.browser-recon.info/ . July 31, 2009 . dead .
23. News: Phishing Scam Takes Aim at MySpace.com . Kirk . Jeremy . June 2, 2006 . IDG Network . dead . https://web.archive.org/web/20060616110238/http://www.pcworld.com/resource/article/0%2Caid%2C125956%2Cpg%2C1%2CRSS%2CRSS%2C00.asp . June 16, 2006 .
24. Web site: Malicious Website / Malicious Code: MySpace XSS QuickTime Worm . Websense Security Labs . December 5, 2006 . https://web.archive.org/web/20061205104430/http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708 . December 5, 2006.
25. News: Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks . McCall . Tom . December 17, 2007 . Gartner . December 20, 2007 . November 18, 2012 . https://web.archive.org/web/20121118162442/http://www.gartner.com/it/page.jsp?id=565125 . dead .
26. Web site: A Profitless Endeavor: Phishing as Tragedy of the Commons . Microsoft . November 15, 2008.
27. Web site: Torrent of spam likely to hit 6.3 million TD Ameritrade hack victims . https://web.archive.org/web/20080821131854/http://www.sophos.com/pressoffice/news/articles/2007/09/ameritrade.html . August 21, 2008 . dead .
28. Web site: 1-Click Hosting at RapidTec — Warning of Phishing! . https://web.archive.org/web/20080430101024/http://rapidshare.de/en/phishing.html . April 30, 2008 . December 21, 2008.
29. Web site: APWG . Phishing Activity Trends Report . November 4, 2013 . https://web.archive.org/web/20121003202708/http://apwg.org/reports/apwg_report_Q3_2009.pdf . October 3, 2012 . dead .
30. Web site: Anatomy of an RSA attack . RSA.com . RSA FraudAction Research Labs . September 15, 2014 . https://web.archive.org/web/20141006071018/https://blogs.rsa.com/anatomy-of-an-attack/ . October 6, 2014 . dead .
31. News: Drew . Christopher . Markoff . John . Data Breach at Security Firm Linked to Attack on Lockheed . September 15, 2014 . The New York Times . May 27, 2011 . July 9, 2019 . https://web.archive.org/web/20190709053346/https://www.nytimes.com/2011/05/28/business/28hack.html . live .
32. Web site: Keizer, Greg . Suspected Chinese spear-phishing attacks continue to hit Gmail users . Computerworld . December 4, 2011 . August 13, 2011 . 2021-03-21 . https://web.archive.org/web/20210321122517/https://www.computerworld.com/article/2510237/suspected-chinese-spear-phishing-attacks-continue-to-hit-gmail-users.html . live .
33. Web site: Ewing, Philip . Report: Chinese TV doc reveals cyber-mischief . Dod Buzz . December 4, 2011 . August 22, 2011 . https://web.archive.org/web/20170126114336/http://www.dodbuzz.com/2011/08/22/report-chinese-tv-doc-reveals-cyber-mischief/ . January 26, 2017 . dead .
34. http://www.theatlanticwire.com/global/2013/08/syrian-hackers-use-outbrain-target-washington-post-time-and-cnn/68370/ "Syrian hackers Use Outbrain to Target The Washington Post, Time, and CNN"
35. Web site: Paul . Andrew . Phishing Emails: The Unacceptable Failures of American Express . Email Answers . October 9, 2013 . dead . https://web.archive.org/web/20131009070016/http://www.emailanswers.com/2013/10/phishing-emails-unacceptable-failures-american-express/ . October 9, 2013 .
36. News: O'Connell . Liz . Report: Email phishing scam led to Target breach . Bring Me the News . September 15, 2014 . September 15, 2014 . https://web.archive.org/web/20140915231011/http://bringmethenews.com/2014/02/12/report-email-phishing-scam-led-to-target-breach/ . live .
37. Web site: Target CEO Sack . September 15, 2014 . Ausick . Paul . September 15, 2014 . https://web.archive.org/web/20140915230857/http://247wallst.com/retail/2014/05/05/target-ceo-sacked/ . live .
38. News: Kelion . Leo . Cryptolocker ransomware has 'infected about 250,000 PCs' . December 24, 2013 . BBC . December 24, 2013 . March 22, 2019 . https://web.archive.org/web/20190322141441/https://www.bbc.com/news/technology-25506020 . live .
39. News: Israeli defence computer hacked via tainted email -cyber firm . Reuters . January 26, 2014 . 2017-07-01 . 2015-09-24 . https://web.archive.org/web/20150924192852/http://www.reuters.com/article/2014/01/26/israel-cybersecurity-idUSL5N0L00JR20140126?irpc=932&irpc=932 . live .
40. News: האקרים השתלטו על מחשבים ביטחוניים. January 27, 2014. Ynet. לוי. רויטרס ואליאור. November 29, 2016. March 21, 2021. https://web.archive.org/web/20210321122500/https://www.ynet.co.il/articles/0,7340,L-4481380,00.html. live.
41. Web site: Hackers break into Israeli defence computers, says security company . https://web.archive.org/web/20140209185037/https://www.theguardian.com/world/2014/jan/27/hackers-israeli-defence-ministry-computers . 2014-02-09 . The Guardian . dead .
42. News: Israel defence computers hit by hack attack . BBC News . January 27, 2014 . 2018-06-22 . 2019-03-22 . https://web.archive.org/web/20190322143536/https://www.bbc.co.uk/news/technology-25575790 . live .
43. Web site: Israeli Defense Computer Hit in Cyber Attack: Data Expert | SecurityWeek.Com. securityweek.com. January 27, 2014 . 2019-09-13. 2019-03-22. https://web.archive.org/web/20190322141450/https://www.securityweek.com/israeli-defense-computer-hit-cyber-attack-data-expert. live.
44. News: Israel to Ease Cyber-Security Export Curbs, Premier Says . Bloomberg . 2017-03-11 . 2014-03-04 . https://web.archive.org/web/20140304114001/http://www.bloomberg.com/news/2014-01-27/israel-to-ease-cyber-security-export-curbs-premier-says.html . live .
45. News: Cyber Break-in @ IDF . HuffPost . Micah D. . Halpern . 2020-02-20 . 2021-03-21 . https://web.archive.org/web/20210321122502/https://www.huffpost.com/entry/cyber-breakin-idf_b_4696472 . live .
46. https://techcrunch.com/2016/03/15/prosecutors-find-that-fappening-celebrity-nudes-leak-was-not-apples-fault/ Prosecutors find that ‘Fappening’ celebrity nudes leak was not Apple’s fault
47. Web site: ICANN Targeted in Spear Phishing Attack | Enhanced Security Measures Implemented . icann.org . December 18, 2014 . 2019-08-07 . https://web.archive.org/web/20190807072329/https://www.icann.org/news/announcement-2-2014-12-16-en . live .
48. Web site: Eccleston Indictment. November 1, 2013. November 22, 2020. January 26, 2017. https://web.archive.org/web/20170126220145/https://www.justice.gov/file/eccleston-indictment/download. live.
49. Web site: Former U.S. Nuclear Regulatory Commission Employee Pleads Guilty to Attempted Spear-Phishing Cyber-Attack on Department of Energy Computers. February 2, 2016. 2020-11-22. 2019-08-08. https://web.archive.org/web/20190808054803/https://www.justice.gov/opa/pr/former-us-nuclear-regulatory-commission-employee-pleads-guilty-attempted-spear-phishing-cyber. live.
50. News: Nakashima. Ellen. Russian hackers harassed journalists who were investigating Malaysia Airlines plane crash. October 26, 2016. September 28, 2016. The Washington Post. April 23, 2019. https://web.archive.org/web/20190423175317/https://www.washingtonpost.com/world/national-security/russian-hackers-harass-researchers-who-documented-russian-involvement-in-shootdown-of-malaysian-jetliner-over-ukraine-in-2014/2016/09/28/d086c8bc-84f7-11e6-ac72-a29979381495_story.html. live.
51. Web site: ThreatConnect. ThreatConnect reviews activity targeting Bellingcat, a key contributor in the MH17 investigation.. ThreatConnect. October 26, 2016. September 28, 2016.
52. News: Kube. Courtney. Russia hacks Pentagon computers: NBC, citing sources. August 7, 2015. August 7, 2015. August 8, 2019. https://web.archive.org/web/20190808014900/https://www.cnbc.com/2015/08/06/russia-hacks-pentagon-computers-nbc-citing-sources.html. live.
53. News: Starr. Barbara. Official: Russia suspected in Joint Chiefs email server intrusion. August 7, 2015. August 7, 2015. August 8, 2019. https://web.archive.org/web/20190808014850/https://edition.cnn.com/2015/08/05/politics/joint-staff-email-hack-vulnerability/. live.
54. News: Doctorow. Cory. Spear phishers with suspected ties to Russian government spoof fake EFF domain, attack White House. Boing Boing. August 28, 2015. November 29, 2016. March 22, 2019. https://web.archive.org/web/20190322141457/https://boingboing.net/2015/08/28/spear-phishers-with-suspected.html. live.
55. Web site: Quintin. Cooper. New Spear Phishing Campaign Pretends to be EFF. EFF. August 27, 2015. November 29, 2016. August 7, 2019. https://web.archive.org/web/20190807075024/https://www.eff.org/deeplinks/2015/08/new-spear-phishing-campaign-pretends-be-eff. live.
56. News: Austria's FACC, hit by cyber fraud, fires CEO . December 20, 2018 . Reuters . May 26, 2016 . March 21, 2021 . https://web.archive.org/web/20210321122533/https://www.reuters.com/article/us-facc-ceo-idUSKCN0YG0ZF . live .
57. News: Sanger. David E.. Corasaniti. Nick. D.N.C. Says Russian Hackers Penetrated Its Files, Including Dossier on Donald Trump. October 26, 2016. The New York Times. June 14, 2016. July 25, 2019. https://web.archive.org/web/20190725090932/https://www.nytimes.com/2016/06/15/us/politics/russian-hackers-dnc-trump.html. live.
58. News: Economist. Staff of. Bear on bear. October 25, 2016. Economist. September 24, 2016. May 20, 2017. https://web.archive.org/web/20170520234836/http://www.economist.com/news/united-states/21707574-whats-worse-being-attacked-russian-hacker-being-attacked-two-bear-bear. live.
59. Web site: KU employees fall victim to phishing scam, lose paychecks. 2016-10-06. 2019-03-22. https://web.archive.org/web/20190322141501/https://www.kansas.com/news/local/crime/article88960532.html. live.
60. Web site: Hackers lurking, parliamentarians told. Deutsche Welle. September 21, 2016.
61. News: Hackerangriff auf deutsche Parteien. Süddeutsche Zeitung. September 21, 2016. September 20, 2016. Pinkert. Georg Heil. Berlin. Nicolas Richter.
62. Web site: Holland. Martin. Angeblich versuchter Hackerangriff auf Bundestag und Parteien. September 20, 2016 . Heise. September 21, 2016. April 1, 2019. https://web.archive.org/web/20190401054258/https://www.heise.de/newsticker/meldung/Angeblich-versuchter-Hackerangriff-auf-Bundestag-und-Parteien-3328265.html. live.
63. News: Wir haben Fingerabdrücke. Frankfurter Allgemeine Zeitung. Frankfurter Allgemeine. September 21, 2016. Hemicker. Lorenz. Alto. Palo. March 22, 2019. https://web.archive.org/web/20190322141504/https://www.faz.net/aktuell/politik/inland/hackerangriffe-auf-politiker-wir-haben-fingerabdruecke-14445655.html. live.
64. Web site: Russian hackers 'Fancy Bear' likely breached Olympic drug-testing agency and DNC, experts say. Hyacinth Mascarenhas. International Business Times. August 23, 2016. September 13, 2016.
65. Web site: What we know about Fancy Bears hack team . BBC News . September 17, 2016 . September 15, 2016 . 2019-03-22 . https://web.archive.org/web/20190322141504/http://www.bbc.co.uk/newsbeat/article/37374053/what-we-know-about-fancy-bears-hack-team . live .
66. News: Gallagher. Sean. Researchers find fake data in Olympic anti-doping, Guccifer 2.0 Clinton dumps. October 26, 2016. Ars Technica. October 6, 2016. July 14, 2017. https://web.archive.org/web/20170714183747/https://arstechnica.com/security/2016/10/researchers-find-fake-data-in-olympic-anti-doping-guccifer-2-0-clinton-dumps/. live.
67. Web site: Russian Hackers Launch Targeted Cyberattacks Hours After Trump's Win. November 10, 2016. 2016-11-28. 2017-01-27. https://web.archive.org/web/20170127084206/http://motherboard.vice.com/read/russian-hackers-launch-targeted-cyberattacks-hours-after-trumps-win. live.
68. News: Qatar faced 93,570 phishing attacks in first quarter of 2017. May 12, 2017. Gulf Times. 2018-01-28. ar. 2018-08-04. https://web.archive.org/web/20180804183817/http://www.gulf-times.com/story/547784/Qatar-faced-93-570-phishing-attacks-in-first-quart. live.
69. News: Facebook and Google Were Victims of $100M Payment Scam. Fortune. 2018-01-28. en. 2019-08-08. https://web.archive.org/web/20190808035623/https://fortune.com/2017/04/27/facebook-google-rimasauskas/. live.
70. News: Amazon Prime Day phishing scam spreading now!. The Kim Komando Show. 2018-01-28. en-us. 2019-05-27. https://web.archive.org/web/20190527085340/https://www.komando.com/happening-now/415020/amazon-prime-day-phishing-scam-spreading-now. live.
71. Web site: Cryptocurrency Hackers Are Stealing from EOS's $4 Billion ICO Using This Sneaky Scam. Jen Wieczner. 2018-05-31. en-us. 2021-03-21. https://web.archive.org/web/20210321122517/https://fortune.com/2018/05/31/cryptocurrency-eos-ico-scam/. live.
72. Web site: Golden Entertainment phishing attack exposes gamblers' data. 2022-03-23. verdict.co.uk. February 3, 2020. en-US.
73. Web site: How Phishing Impacts the Online Gambling Industry. 2022-03-23. sportsbetting3.com. November 9, 2021. en-US.
74. Web site: Miranda et al v. Golden Entertainment (NV), Inc.. 2022-03-23. justia.com. en-US.
75. Web site: Nigerian Man Sentenced 10 Years for $11 million Phishing Scam. 2022-03-23. cyberscoop.com. February 17, 2021. en-US.
76. Web site: Nigerian National Sentenced to Prison for $11 Million Global Fraud Scheme. 2022-03-23. justice.gov. February 16, 2021. en-US.
77. Web site: Twitter Investigation Report – Department of Financial Services . October 14, 2020 . 2020-10-11 . www.dfs.ny.gov . en.
78. Web site: Three Individuals Charged For Alleged Roles In Twitter Hack. 2022-03-23. justice.gov. en-US.