Levitas Capital. In 2020, a whaling attack was conducted against the co-founder of the Australian hedge fund Levitas Capital. The co-founder received an email containing a fake Zoom link. When he clicked the link, malware was deployed on the hedge fund's corporate network, generating fraudulent invoices of nearly $8.7 million.
The actual financial losses from the attack were $800,000, but the attack also damaged the hedge fund’s reputation, causing them to lose their biggest client and shut down operations.
Robinhood.
Hackers used social engineering to gain access to Robinhood's customer support systems, compromising the personal information of about 7 million customers. The attack was carried out through a phone call to a customer service employee.
An Australian hedge fund, Levitas Capital, was the victim of a phishing attack via a fake Zoom invitation. One of the co-founders clicked on the malicious link, which installed malware on their device. This malware enabled unauthorized transactions, allowing the attackers to gain access to the company's email infrastructure. They then created fraudulent accounts totaling $8.7 million, which were approved for transactions.
Employees of a financial institution received emails that appeared to come from the IT department warning about a security breach, instructing them to click on a link to change their passwords. The link led to a convincing fake login page where employees unwittingly entered their credentials, granting attackers access to their accounts. Once inside, the attackers compromised the company's network and sensitive financial data, customer information and proprietary systems, jeopardizing client security and posing significant reputational and financial risks for the institution.
They then used the compromised accounts to launch phishing attacks against customers and partners, exacerbating the initial breach and causing widespread concern.