---
title: "Phishing Case Studies: Learning From the Mistakes Of Others | Phish Protection"
description: "Phishing remains one of the oldest and the most commonly used modus operandi by cyber adversaries to access network systems globally."
image: "https://phishprotection.com/og/blog/phishing-case-studies-learning-from-the-mistakes-of-others.png"
canonical: "https://phishprotection.com/blog/phishing-case-studies-learning-from-the-mistakes-of-others/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-3999.jpg) 

_Phishing remains one of the oldest and the most commonly used modus operandi by cyber adversaries to access network systems globally_. Though **phishing attacks** can be of many types, BEC or Business Email Compromise causes the most significant threat to businesses. [Verizon’s 2020 DBIR (Data Breach Investigations Report)](https://enterprise.verizon.com/en-gb/resources/reports/dbir/2020/summary-of-findings/) states that _22% of data breaches in 2019 involved phishing_. [ESET’s Threat Report](https://www.welivesecurity.comhttps://media.mailhop.org/phishprotection/images/2020/10/ESET%5FThreat%5FReport%5FQ32020.pdf) highlights that malicious email detections rose by 9% between the second and third quarters in 2020.

Here are some critical statistics related to the above points.

- As malicious actors rely more on phishing to access network systems, there is a [decrease of 40% in breaches involving malware](https://enterprise.verizon.com/en-gb/resources/reports/dbir/), further shifting the cybersecurity focus from **anti-malware solutions** to [anti-phishing solutions](/).
- Nearly [65% of the active phishing attacks](https://docs.broadcom.com/doc/istr-24-2019-en) relied on spear-phishing in 2019.
- A whopping [96% of phishing attacks arrive by email](https://enterprise.verizon.com/en-gb/resources/reports/dbir/).

Despite organizations employing the most effective [anti-phishing solutions](/products/advanced-threat-defense/) in their network systems, _phishing attacks are growing relentlessly worldwide due to employee negligence_. [Employee training](/products/phishing-awareness-training/) is one way to deal with such problems. Learning from the mistakes of others is also an effective remedial measure. Here are some phishing case examples caused by employee negligence that cost their organizations heavily.

### Case No 1: Upsher-Smith Laboratories, Loss Of Nearly $39 Million

Though this incident happened sometime in 2014, it has tremendous significance because it is one of the classic email examples of the [CEO Fraud](/products/ceo-fraud-protection/) category. CEO fraud is a cyber-attack carried out by malicious actors wherein they send **phishing emails** to the organization’s employees by posing as the organization’s CEO.

In this case, [cyber adversaries pretending to be the organization’s CEO](https://www.fox9.com/news/ceo-spoofing-costs-drug-company-50-million) emailed the Accounts Payable Coordinator at Upsher-Smith Laboratories, a Maple Grove-based drug establishment, to follow the instructions from the CEO and the organization’s lawyer. _The instructions were to make nine wire transfers to the fraudster’s accounts for amounts **exceeding $50 million**_. Though the organization managed to stop one of the bank transfers, its loss was upwards of $39 million.


#### Employee Negligence Factor

In this case, the employee was negligent in taking the emails at face value. _He/she could have contacted the CEO’s office to confirm the origin of such emails_, especially if they were not following the standard procedures. The bank handling the transfer was also negligent in missing the multiple red flags, especially the amounts and the frequency of transfers, suspicious beneficiaries, and the failure to include a second signatory to the requests.

#### Lessons Learned From The Case

Here are some lessons one can learn from this case.

- Generally, _CEOs do not directly ask employees to make urgent transfers_. Even if they do, the employee could have dropped an email to confirm the request. _A precautionary phone call could have stopped this crime from happening_.
- Such **phishing emails** come with an urgency factor. They also insist on confidentiality. Generally, such requests are departures from the organization’s regular procedures.
- The primary lesson one can learn from this attack is not to take any email at face value. _It does not cost much to confirm_.
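The red flags named in this case (amounts, frequency of transfers, suspicious beneficiaries, a missing second signatory, no confirming phone call, and pressure for urgency or confidentiality) can be enforced as a payment-release gate instead of being left to individual judgment. The following is an added example, not code from the article or from any product it mentions; the thresholds, field names, beneficiary IDs and sample requests are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed policy values for illustration; tune to your own payment policy.
AMOUNT_LIMIT = 250_000                 # single transfer above this is flagged
MAX_RECENT = 2                         # earlier requests tolerated per requester
WINDOW = timedelta(days=7)             # look-back window for frequency
VENDOR_MASTER = {"ACME-SUPPLY-001", "LAB-EQUIP-017"}  # known beneficiaries

@dataclass
class WireRequest:
    requested_at: datetime
    requester: str                     # who the email claims to come from
    beneficiary_id: str
    amount: int
    second_signatory: Optional[str]    # independent approver, if any
    callback_verified: bool            # confirmed by phone on a number on file
    urgent_or_confidential: bool       # email pressed for speed or secrecy

def red_flags(req, history):
    """Return the red flags from this case that apply to one request."""
    flags = []
    if req.amount > AMOUNT_LIMIT:
        flags.append("amount")
    recent = [h for h in history if h.requester == req.requester
              and timedelta(0) <= req.requested_at - h.requested_at <= WINDOW]
    if len(recent) >= MAX_RECENT:
        flags.append("frequency")
    if req.beneficiary_id not in VENDOR_MASTER:
        flags.append("beneficiary")
    # A requester countersigning their own request is not a second signatory.
    if not req.second_signatory or req.second_signatory == req.requester:
        flags.append("no_second_signatory")
    if not req.callback_verified:
        flags.append("no_callback")
    if req.urgent_or_confidential:
        flags.append("urgency_or_secrecy")
    return flags

def review_batch(requests):
    """Hold every flagged request; held ones still count toward frequency."""
    history, results = [], []
    for req in sorted(requests, key=lambda r: r.requested_at):
        flags = red_flags(req, history)
        results.append((req.beneficiary_id, "HOLD" if flags else "RELEASE", flags))
        history.append(req)
    return results

def sample_requests():
    """Constructed sample data, not taken from the incident."""
    t0 = datetime(2024, 1, 8, 9, 0)
    ceo = [WireRequest(t0 + timedelta(days=d, hours=1), "ceo", "UNKNOWN-9001",
                       5_000_000, None, False, True) for d in range(3)]
    ok = WireRequest(t0, "ap.manager", "ACME-SUPPLY-001", 40_000,
                     "controller", True, False)
    return ceo + [ok]
```

Held requests stay in the history on purpose: a run of similar requests from the same claimed sender is itself a signal, even when each one was stopped.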

### Case No 2: Twitter Phishing Case, 2020

The [Twitter Phishing case of July 2020](https://www.bbc.com/news/technology-53607374) should be fresh on everyone’s mind. _It is a classic case of threat actors compromising the employees’ passwords to gain unauthorized access_.

In July 2020, several Twitter employees became victims of **spear phishing attacks** enabling the malicious actors to access the administrator’s tools. Malicious actors posed as Twitter IT administrators and emailed/phoned Twitter employees working from home, asking them to share user credentials. _Using these compromised accounts, the cyber adversaries gained access to the administrator’s tools_. It enabled them to reset the Twitter accounts of celebrities like Elon Musk, Barack Obama, Jeff Bezos, Apple, Uber, and many more to tweet scam messages asking for Bitcoin contributions.

As these celebrity accounts have a massive following, _many Twitter users transferred at least **$180,000 in Bitcoins** to scam accounts_. Luckily, the scam messages were published and noticed by the press. It forced Twitter to take immediate action.

#### Lessons Learned From The Case

Twitter did not follow proper cybersecurity strategies as the compromised employees did not have appropriate email [phishing protection solutions](/) installed on their devices. Privileged access management solutions and monitoring user and entity behavior could have prevented this scam from happening.

_Twitter experienced a 4% fall in its share price due to its failure in detecting and mitigating the scam in time_. Twitter also had to stop its release of the new API to update security protocols. Educating employees on **social engineering attacks** is crucial to prevent such frauds from occurring. Though the financial loss was insignificant, Twitter lost its reputation of being one of the most secure social media platforms.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-3996.jpg) 

### How To Manage Such Phishing Attacks?

_Though employee negligence is one of the primary reasons for such **phishing attacks**_, organizations can take remedial steps to thwart such crimes in the future.

- [Educating employees](/products/phishing-awareness-training/) on how a phishing attack looks and emphasizing aspects like not clicking on suspicious email links or downloading malicious attachment files can help prevent many **phishing attacks** right at the initial stage.
- Investing in efficient **anti-phishing** and [anti-ransomware solutions](/products/advanced-threat-defense/) and ensuring the [best phishing protection](/) should be the first things an organization should do to manage phishing scams.
- Other remedial measures include changing passwords regularly, installing security updates on time, not sharing information on unsecured sites, and investing in a robust **data security platform** to help organizations deal with such issues.

### Final Words

**Phishing attacks** will continue to happen in the future. _It is up to the organization and its employees to learn from past mistakes and not repeat them_. Employees can educate themselves on how to stop phishing emails. Organizations can deploy the best [phishing protection solutions](/) to deal with such situations effectively. Furthermore, organizations must include case studies related to past incidents in the employee education and [training programs](/products/phishing-simulation/).


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

