Epic email scams in history

Imagine clicking on an email that appears to be a message from a trusted executive in need, urgently requesting a financial transfer. While this scenario is all too common, the consequences can be devastating.

In 2022 alone, phishing attacks cost Americans over $52 million, and that does not include BEC (business email compromise) cases that approach $3 billion in losses for companies in 2023 alone. Email scams are a universal menace—most of us have encountered at least one. While some are easily spotted, others are remarkably sophisticated and convincing. So, if you’ve ever fallen victim to an email scam, you’re not alone.

In this article, we will look at some of the most notorious email scam examples that targeted major corporations. These stories reveal how creative and skillful some cybercriminals are and how significant the financial impacts on their victims can be. As scammers become more advanced with technological developments, understanding these past incidents can help us learn from mistakes and strengthen our security measures to better protect against future threats.

Notable Email Scams in History

1. The Nigerian prince scam

Story: “Greetings, a substantial inheritance is reserved for you…but it’s currently secured in an international bank…” Sound familiar? This is an example of a scam email; many of these started to appear in the early 90s and are still very active in the email realm.

The essence of the Nigerian prince scam is that it exploits people’s trust and greed by promising them a large sum of money in exchange for their assistance with transferring funds. Scammers pose as wealthy individuals or royalty who need help to move their fortune out of their country due to legal or political issues. Victims are usually asked to provide personal information and pay various upfront fees for legal costs, taxes, or bribes. In return, they are promised a fair share of the fortune. Once the victim is hooked, these fees keep escalating for various reasons, while the promised fortune never materializes. By the time a victim realizes that he or she was scammed, they are left with financial losses, significant at times.

Nowadays, scammers do not limit themselves to only Nigerian royalty and often pose as wealthy individuals from the United States, Ukraine, the Ivory Coast, Switzerland, or the Central African Republic. In spite of greater location diversity, most of these phishing scam examples still exploit the classics, often involving stories of deceased relatives with large inheritances.

Image: screenshot of an email. Source: Abnormal Security

Cost: It is hard to estimate actual losses from this type of scam, since it has been around for decades and has affected people from all walks of life. Nonetheless, with individual victims losing anywhere from a few thousand to hundreds of thousands of dollars, collective losses from the Nigerian prince scam can be estimated at billions of dollars.

2. The IRS tax refund scam

Story: The IRS tax refund scam is a fraudulent scheme in which scammers impersonate the Internal Revenue Service (IRS). The goal is to lure individuals into providing personal and financial information. In these phishing attempts, scammers contact victims via phone, email, or text, claiming to be IRS representatives.

They inform the victims that they are eligible for a tax refund or that there is an issue with their tax return that needs immediate attention. Threats of legal action, fines, or arrest for non-compliance, apparently coming from the IRS, are an effective strategy that makes many people stop thinking rationally. These messages always play on a sense of urgency and on feelings of fear and confusion, which makes them a powerful impersonation tool.

Image: close-up of a tax refund form. Source: Michigan.gov

Victims are then asked to provide sensitive information, such as Social Security numbers, bank account details, or credit card numbers, supposedly required for verifying their identity or processing the refund. In the case of emails, victims are directed to click on malicious links or open attachments containing malware. Afterwards, victims are left dealing with the consequences of having their personal information compromised.

To prevent people from falling victim to tax refund scams, the actual IRS provides crucial information on how to recognize scam messages on its official website:

Image: close-up of a message. Source: IRS.gov

Cost: The collective losses of Americans from the IRS scam accounted for some $2.3 billion in 2021, with median individual losses of around $1,000. While a substantial 17.16% of US citizens reported losing money to IRS scams, the actual numbers are much higher, as many prefer to keep it secret due to feelings of fear, shame, and embarrassment.

3. The Target 

The Target CEO fraud that happened in 2016 is a classic BEC email scam example. 

In their impersonation attempt, cybercriminals crafted a convincing email that appeared to come from Brian Cornell, the CEO of Target. The email was sent to a finance employee within the company and contained instructions to urgently transfer $40 million to a specified bank account.

The email mimicked the Target CEO’s communication style in detail, including the language and formatting of the legitimate CEO’s emails. Believing the request to be genuine and urgent, the finance employee initiated the transfer of the substantial sum to the fraudulent account provided by the scammers. It was only after the transaction was completed and the money had been transferred that the company realized it had fallen victim to a sophisticated scam.

The email successfully played on the sense of urgency and the employee’s willingness to follow directives from the company’s top manager.

While there is no publicly available copy of the infamous 2016 BEC scam email, Target publishes different email fraud examples on its official website, such as this fake order scam:

Source: Target

Cost: While the amount lost by Target in 2016 seems insanely big, it looks like a drop in the ocean in comparison to the $50 billion that has been lost in both American and international BEC cases in the period between 2013 and 2022. And these are only the reported numbers!

4. The Facebook and Google scam (2013–2015)

Story: The story of the Facebook and Google email scam is one of the biggest phishing scam examples in the history of cybercrimes. From 2013 to 2015, Lithuanian citizen Evaldas Rimasauskas executed an ambitious phishing scam targeting two of the largest tech companies in the world, Facebook and Google. Posing as Quanta Computer, a well-known Asian hardware manufacturer and one of the suppliers for both companies, Rimasauskas set up fake email accounts and company stamps with the same name as Quanta Computer.

After that, Rimasauskas started to send fraudulent invoices to Facebook and Google, requesting payment for goods and services that had never been provided. These invoices looked authentic and included details that matched legitimate transactions that both companies were accustomed to. The finance departments at Facebook and Google processed these invoices and transferred the requested funds to the specified bank accounts. The payments were sent to bank accounts in various countries, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.

The scam was eventually uncovered, leading to an investigation by the U.S. Department of Justice. In 2017, Rimasauskas was arrested in Lithuania and later extradited to the United States. He pleaded guilty to wire fraud and other charges in 2019, admitting to his role in the multi-million-dollar scheme.

Cost: Over the course of the scheme, Rimasauskas managed to fraudulently obtain over $100 million from the two tech giants. 

5. The Ubiquiti Networks scam (2015)

Story: In 2015, Ubiquiti Networks, a U.S.-based technology company specializing in wireless data communication products, became another victim of the BEC scam. 

The attackers posed as high-ranking Ubiquiti executives and sent convincing emails to the company’s finance department. These emails, crafted to appear legitimate and urgent, instructed the finance employees to transfer funds to specific bank accounts for business purposes. Believing the instructions were genuine, the finance team complied and initiated the transfers.

Over a period of time, the scammers managed to scam the company out of approximately $46.7 million. While the company managed to recover part of the stolen money, the whole amount was challenging to trace since the money was sent to overseas accounts controlled by the fraudsters.

Image: screenshot of a social media post. Source: NBC News

Cost: The company reported a loss of $46.7 million due to the scam. Altogether, in the last nine years, there have been around 300,000 BEC cases reported in 50 states across the US and 177 other countries. Similarly, in the period from 2021 to 2022, the number of reported BEC cases increased by 17%.

The Impact of Email Scams

Five interesting facts about email scams

According to the data provided by the FBI’s Internet Crime Complaint Center (IC3) in 2022, people aged 30–39 reported the largest number of phishing scams.

In the United States, Nevada turned out to be the state most affected by phishing scams in 2022, while Kansas was the least affected.

Bulk phishing was recognized as the most widespread type of phishing scam in 2022, affecting around 85 percent of companies worldwide.

Gmail is responsible for 91% of bait emails. Only 9% of scam emails come from other sending domains.

The sector where employees click on phishing emails the most is education (27.6%), followed by finance and insurance (26.6%) and information technology (25.6%).

Psychological and emotional impact on victims

While financial loss might be devastating at times, often it is not the main impact experienced by victims of online scams. In the aftermath of fraud, many struggle with feelings of shame and embarrassment, while 55% of victims suffer from mental health issues such as depression and low self-esteem afterwards. 

Broader implications for cybersecurity and public trust

While digital scams have a profound personal impact, they also erode public trust in the integrity of otherwise reliable companies as well as in the reliability of digital forms of communication. People become more wary of online interactions, which potentially hinders the adoption of digital services.

Lessons Learned from Historical Email Scams

Common red flags and how to spot them

In spite of the fact that email scams are getting more advanced from year to year, the common red flags are still there most of the time. These include urgent and pressuring language, requests for sensitive information, mismatched or suspicious email addresses, spelling and grammar errors, generic greetings, and unsolicited attachments or links. 
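The following sketch, added here as an illustration and not taken from any of the sources cited in this article, checks a raw message for several of the red flags listed above: a Reply-To domain that differs from the sender's, urgent language, requests for sensitive information, generic greetings, attachments, and links that lead outside the sender's domain. The keyword lists and the sample message are constructed assumptions, and spelling or grammar checks are left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Keyword lists are illustrative assumptions, not a vetted ruleset.
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap)\b", re.I)
SENSITIVE = re.compile(r"\b(social security|password|bank account|credit card)\b", re.I)
GENERIC = re.compile(r"^\s*(dear (customer|user|sir|madam|friend)|greetings)\b", re.I | re.M)
LINK_HOST = re.compile(r"https?://([^/\s]+)", re.I)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw_message):
    """Return the red flags found in one raw email message, in check order."""
    msg = message_from_string(raw_message)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags, body = [], ""
    if reply and reply != sender:
        flags.append("reply-to domain differs from sender domain")
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_filename():
            flags.append("attachment: " + part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    text = (msg["Subject"] or "") + "\n" + body
    if URGENCY.search(text):
        flags.append("urgent or pressuring language")
    if SENSITIVE.search(text):
        flags.append("request for sensitive information")
    if GENERIC.search(body):
        flags.append("generic greeting")
    for host in sorted({h.lower() for h in LINK_HOST.findall(body)}):
        if host != sender and not host.endswith("." + sender):
            flags.append("link host outside sender domain: " + host)
    return flags

# Constructed sample message (reserved example domains), not a real scam email.
SAMPLE = """\
From: "Accounts Team" <billing@example.com>
Reply-To: billing@example.net
Subject: URGENT: verify your details
Content-Type: text/plain; charset="us-ascii"

Dear customer,

Your refund is on hold. Confirm your bank account immediately at
http://refunds.example.org/verify
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("-", flag)
```

Heuristics like these produce false positives and miss well-crafted messages, so they work best as one signal feeding a review queue, not as a final verdict.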

How to protect yourself and your organization

While on the personal level it might be enough to follow some basic security rules, like setting up spam filters, keeping software and systems updated, and watching out for red flags, protection at the organizational level requires a more advanced approach. Organizational measures might include using multi-factor authentication (MFA), establishing strict verification protocols for financial transactions, utilizing secure email gateways, and encrypting sensitive data. Multiple layers of defense and authentication are crucial to prevent sophisticated email scams.

Role of education and awareness in prevention

Self-education about scams and how they evolve, as well as regular training programs, help individuals and employees alike to better recognize and respond to threats. Clear reporting mechanisms and ongoing awareness campaigns also help to put cybersecurity at the center of attention. Strong leadership can support promotion of these practices in companies and foster a culture of overall vigilance and proactive defense.

The Future of Email Scams

Emerging trends and potential threats

Fake email examples are becoming increasingly sophisticated, with scammers using advanced social engineering tactics and artificial intelligence to produce highly convincing messages. Emerging trends include personalized phishing (spear phishing), business email compromise scams, and the use of deepfake technology to impersonate voices and videos. 

How technology can help fight against email scams

Technological development in general and machine learning in particular might play a crucial role in combating email scams through advanced security solutions. Machine learning algorithms can analyze email patterns and detect anomalies indicative of phishing attempts. Multi-factor authentication (MFA) adds an extra layer of security, making unauthorized access more difficult. Additionally, secure email gateways and anti-phishing software can filter and block malicious emails before they reach users’ inboxes, significantly reducing the risk of scams.

Predictions for the evolution of email scams

The evolution of email scams is likely to see an increase in the use of AI and machine learning by both attackers and defenders. Scammers will continue to refine their tactics, using more personalized and context-aware phishing attacks. We may also see a rise in hybrid scams that combine elements of phishing with other forms of cybercrime, such as ransomware. As cybersecurity measures improve, cybercriminals will likely shift their focus to exploiting human vulnerabilities, emphasizing the need for ongoing education and awareness efforts.

To Sum Up

Email phishing poses a significant and real threat to both personal and organizational security, as these notorious email scam examples show. That is why staying updated on the latest tactics used by cybercriminals is so crucial for protection. It is important to remember that while financial losses from these scams can be devastating, the impact on victims’ mental health is often an even greater price to pay.

This reality underscores the importance of familiarizing ourselves with these threats and taking proactive measures to protect against them. By learning from past incidents and continuously enhancing our security practices, we can mitigate the risks and secure our well-being against the persistent threat of email scams.