Emma Woods

Whaling-The Worst Type of Phishing Attack Yet

Unlike your traditional spray-and-pray phishing attack, a 'whaling' scam gives a cyber criminal a much higher success rate - and here's exactly why.

We're all (hopefully) getting a lot smarter when it comes to responding to emails these days. With constant reminders on new types of scams, it seems as though falling for a templated phishing attack is a thing of the past.

The sad truth is, hackers are always one step ahead of the game. Now, more and more businesses are being introduced to a more targeted type of phish: the whaling attack.


Whaling differs hugely from a traditional phishing attack. Here, cyber criminals research the people they wish to impersonate or attack, often mining social media and company websites for names, roles, reporting lines and current projects to make the lure convincing.

They'll even go as far as copying their victim's email signature and style of writing, leaving no stone unturned. Pretty concerning, right? Don't worry: in this blog we'll discuss what you can do to protect you and your business from these ultra-targeted attacks.

"Phishing is not limited to email and website pop-ups. Links in online ads, status updates, tweets and Facebook posts can lead you to criminal portals designed to steal your financial information."

TransUnion

What Actually is a Whaling Attack?

This targeted variant of phishing is increasingly common. Whaling specifically targets senior management with the most authority in a company, such as the CEO or CFO. This preference for the bigger fish of an organisation is exactly where the term 'whaling' comes from.

"Whales" are carefully chosen because of their authority and access within the company: the more access you have to valuable data or to payments, the more likely you are to become a target.

Cyber criminals send fraudulent emails that appear to come from a trusted source, aiming to trick you into handing over sensitive data by email or through a fake website that looks legitimate; a typical request is for bank details or an urgent payment. Be very wary of the emails that appear in your inbox: attackers are known to copy real corporate logos, phone numbers and other details to make the message look trustworthy. Spotting a phishing email is very difficult unless you know what to look out for.

Whaling is a form of phishing which targets specific individuals to gain sensitive information or even money.

What does a whaling attack look like?

Now that we've discussed what a whaling attack is, it's time to show you what one looks like. Whaling attacks can be difficult to spot because of how personalised they are; at first glance they look legitimate.

Whaling is best thought of as a narrower form of spear phishing. Both target a chosen individual rather than a mailing list, but whaling goes after specific high-ranking victims within a company, who usually have access to sensitive data or financial information and the authority to approve payments.

From the example of a whaling email below, here is what you need to look out for:

  • Is the domain name correct? Check for small misspellings or a lookalike domain, not just the display name.

  • Is the email out of the blue?

  • Is there a sense of urgency?

  • Are you being asked to give away financial or sensitive information?

  • Are you the only recipient?

 

Screenshot of a whaling email


It's not just your employees that need security awareness training

CEOs and directors are very busy people, but that is no excuse for them to sit out of security awareness training: everyone in your business is a target. Executives and department heads hold the most valuable data in a company, so they will be a cyber criminal's most prized target.

 

Taking part in security awareness training improves awareness of the many forms of cyber attack that could potentially destroy your business. It also lets you locate each individual's knowledge gaps, so you can see which employees need more training on specific topics. Choosing a good security awareness training platform is key: one that offers short, bite-sized modules with engaging content will keep your employees focused and improve their knowledge of the various forms of cyber attack.


Phish your employees


A shocking 91% of cyber attacks start with a simple phishing email.


It's not only the less technical or more junior employees who fall for phishing scams; these attacks are reaching up the ladder, right through to the C-suite.

Security awareness training not only raises awareness of phishing but exposes each employee's biggest weaknesses. Once those are known, training can be tailored to each person, covering the topics they struggle with. As well as phishing your employees, you can monitor their progress and review who opened, clicked on and ignored the simulated phishing email.


What next?

Whaling is just one of the many forms of cyber attack that criminals resort to. In today's digital workplace, it is key to make sure you and your employees understand what types of cyber attack are out there and how to spot them.

Implementing the right security controls is a must. Something as simple as backing up devices and keeping software updated is easy to do and very effective. Another tool worth looking at is two-factor authentication (2FA): it is simple to set up and can stop a stolen password from being used to access your data. Bear in mind, though, that 2FA protects logins, not payments; a whaling email that simply asks the CFO to pay an invoice never touches a password, so a verification step for payment requests (for example, calling the requester back on a number you already know) matters just as much. Dictionary analysis is another useful form of security: it monitors for certain words within emails, for example the phrases associated with whaling such as "pay the invoice" and "tax details".
