
The Most Costly Phishing Scams Ever


Phishing scams are the biggest threat to your business. They arrive by email, and a single click on the wrong link could hand hackers access to your valuable data.

Phishing isn’t specifically targeted at businesses either. It can happen to anyone who owns an email address. If cyber criminals want to steal your data, they will look for any vulnerabilities in your cyber security.

Cyber criminals typically take the path of least resistance – through you.

Coordinating a phishing scam is simple. These scams also have a 1/10 chance of success; not bad odds for a simple email that could grant access to an entire business’s sensitive data.

With this in mind, we’ve compiled a collection of the most costly high-profile phishing scams:

5) MacEwan University – £9 million

MacEwan University fell victim to phishing scams in 2018 due to staff failing to verify an email requesting a change in payment information. The university had some building work that had been completed on campus and the vendor needed paying for their work.

Emails appeared in MacEwan University inboxes from a construction company requesting a change in payment arrangements. Three separate payments were made to the ‘construction company’ accounts, which turned out to be separate accounts in Montreal and Hong Kong.

The university only realised their mistakes when the legitimate construction company questioned why they hadn’t received a payment. They later admitted they were completely at fault and that it was human error.

It is believed that the university, unlike most, did manage to get the stolen money back, after spending around £160,000 on legal and banking fees.

4) Pathé – £16 million

One of the smaller costs on this list, the attack against Pathé was nonetheless prolonged and lasted for around a month back in 2018! Hackers asked the company to send money to an account in Dubai for an upcoming company takeover bid. This was not a legitimate account.

This was a case of business email compromise where the attacker impersonated a senior figure in a business. This is known as an email impersonation attack.

The money was sent by wire transfer, which made the transactions very difficult to trace.

It is believed that hackers will sometimes buy domain names to make the attack look more convincing, which is what happened in the case of the phishing scams conducted against Pathé.

Both the CEO and Chief Financial Operator lost their jobs over the phishing scandal.

3) FACC – £48 million

FACC is an Austrian company that designs parts for aircraft. They lost around £48 million in 2016 when they fell victim to a phishing attack.

This was a CEO phishing attack where the attackers impersonate a member of the business who is an executive or has access to important financial data.

The attackers then ask the victim to transfer money to the hackers’ account.

The attack was confirmed to have come from a source outside the company. Despite this, the CEO of FACC was sacked because of the damage caused by this phishing attack.

2) Crelan Bank – £59 million

The Belgian bank suffered a substantial loss of £59m in 2016 through a phishing email, sent to employees, that appeared to come from the CEO of the bank – much like the campaigns against FACC and Pathé.

These phishing scams will typically be marked urgent and sent to someone with financial influence at an organisation.

An email posing as the CEO of the bank was sent out demanding payment into a fraudulent account. Employees were fooled by the email and the phishing attempt succeeded, relieving Crelan Bank of a huge £59m.

But this wasn’t the most costly phishing scam.

1) Facebook and Google – £78 million (Each!)

Ironically, Facebook and Google, two of the biggest and best-known tech companies in the world, suffered the biggest phishing scams in terms of cost. Both firms ended up paying out for their errors!

The scam consisted of an elaborate invoice which proved to be fake. The hacker, a Lithuanian man who simply asked the two companies for the money, received the money upon request. Simple, but effective. However, Google and Facebook recognised the phishing scam very quickly and recovered the bulk of the transferred funds.

These types of phishing scams are easily avoidable if the right procedures and training are put in place. Instead, it cost Facebook and Google an enormous sum of money. They can afford it, but could you?

As you’ve seen here, impersonation attacks are proving to be one of the more lucrative methods of phishing scams. Our email security solution actually offers protection against impersonation attempts – not all do this.

Another crucial step to take towards minimising risk is to enrol your staff on to IT Awareness Training courses. It’s a simple step to take to prevent a costly mistake.

To discuss email security or IT awareness training for your staff, contact us at or on 01283753333.

