In 2020, computer systems at the U.S. Department of the Interior were compromised by attackers. They used the "evil twin" phishing technique, in which they tricked individuals into connecting to a fake Wi-Fi access point controlled by the attackers. This allowed them to steal credentials and access the department's wireless network. Further investigation revealed that the department did not have a secure wireless network infrastructure, and it had failed to meet its own internal security requirements, such as robust user authentication and regular network testing.
In July 2018, Marian Simulik, the treasurer of the City of Ottawa in Ontario, Canada, received an email purporting to be from the city manager. The email instructed her to wire $128,000 to a supplier in the United States. The city's website was undergoing an overhaul at the time, and the treasurer thought the request was related to that project. She researched the supplier and corresponded with someone she believed to be the city manager via email, and sent the funds to a US bank account. Soon after, Simulik received another request for money from the same scammer. She asked the city manager about it, but they said they were not aware of either request.
Simulik realized she had fallen victim to an email-based scam. In April 2019, KnowBe4 published an article about this incident, warning about the dangers of phishing attacks targeting government officials. The fraudster's ability to impersonate the city manager, together with the treasurer's assumption that the request was legitimate because of the website overhaul, demonstrates the sophistication of these attacks.
A fraudster posing as a representative of SECON Construction tricked the City and Borough of Juneau (CBJ), Alaska, into updating bank account details. After a successful transaction, CBJ transferred $329,630.21 to the scammer in April. Later, SECON reported that they had not received payment, prompting CBJ to contact the police, the FBI and their bank.
In Riviera Beach, Florida, city systems were hit by a ransomware attack after a police department employee clicked on a malicious email link. This attack forced the city to temporarily suspend operations, disrupting emergency services and requiring manual processing of payroll. Following the advice of outside experts, the city paid a ransom in the form of 65 Bitcoins, which at the time were worth more than $600,000.