The executives of your company are the big fish in your sea. Yet cybercriminals think of them as whales. In fact, whaling is a new cybersecurity threat targeting the C-suite level.
You’ve likely heard of phishing attacks. Phishers use scam emails or spoofed websites to obtain user credentials or financial information. This might be an email that looks like it is from your bank asking you to log in and update your details, or a supposed tax alert needing immediate action.
A vishing attack is another fraudulent attempt to steal protected data, but here the cybercriminals make contact by phone. They might pretend to be a vendor needing to confirm account details for bill payment.
There’s also spear phishing. In these cases, the attackers do their homework first and target a specific company. They scour directories and employee social media to gather information to gain credibility.
Now, there are whaling attacks, too. The high-value target is a senior-level employee. The fraudster typically also impersonates one of the target’s C-suite counterparts.
What You Need to Know About Whaling
A whaling attack uses the same methods as phishing but focuses on top-level targets. The goal is to get “whales” to reveal sensitive information or transfer money to fraudsters’ accounts.
Whale attacks are intentional. Phishing can see attackers baiting hundreds of hooks to get nibbles. In whaling, information gathered in advance adds credibility to the social engineering. The target has higher value, so it’s worth the attackers’ time to appear knowledgeable and to make the request look as if it passes between two important people.
The sender’s email address will look convincing (e.g. from [email protected] instead of [email protected]). The messages will have corporate logos and legitimate links to the company site. Because humans want to help, the communications typically involve an urgent matter.
Whaling attacks are on the rise. In 2016, Snapchat admitted compromising employee data after receiving an email, seemingly from its CEO, asking for payroll information.
In another high-profile example, Mattel nearly transferred $3 million to a Chinese account. Company policy required two signatures, but the attackers (taking advantage of a recent shakeup) faked the new CEO’s signature. The second executive went ahead and added a signature. The only thing that saved the company was that it was a Chinese bank holiday.
Protecting Against Whale Attacks
As with phishing or vishing, the primary way to protect against whaling attacks is to question everything. Train your key staff members to guard what they share on social media. Encourage them to question any unsolicited request. If they weren’t expecting an attachment or link, they should follow up. If a request is unusual, they should trust their spidey-sense and proceed with caution.
It’s also a good idea to develop a policy for handling requests for money or personal information. By requiring that two people must always weigh in, you’re more likely to catch a scam before it’s too late.
Also, train all your employees to look carefully at email addresses and sender names. They should also know to hover over links (without clicking on them) to reveal the full URL.
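The checks described above (sender address, sender name, and the real URL behind a link) can also be automated at the mail gateway. The following is an added example, not part of the original article; the trusted domain, executive names, similarity threshold and sample message are all constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example: the organisation's real domain and executives.
TRUSTED_DOMAIN = "corp.example"
EXECUTIVES = {"jane doe", "john smith"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href:
            self.links.append((self._href, data.strip()))
            self._href = None

def whaling_flags(raw_email):
    """Return a list of warning flags for one single-part HTML message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain != TRUSTED_DOMAIN:
        # A near-identical domain is more suspicious than an unrelated one.
        ratio = difflib.SequenceMatcher(None, domain, TRUSTED_DOMAIN).ratio()
        if ratio >= 0.8:
            flags.append("lookalike-domain")
        if name.lower() in EXECUTIVES:
            flags.append("executive-name-external-sender")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        if "." in shown and shown != host:  # text looks like a URL but points elsewhere
            flags.append("link-text-mismatch")
    return flags

# Constructed sample: zero instead of "o" in the domain, mismatched link target.
SAMPLE = ("From: Jane Doe <jane.doe@c0rp.example>\nTo: cfo@corp.example\n"
          "Subject: Urgent wire transfer\nContent-Type: text/html\n\n"
          '<p>Approve today: <a href="http://pay.invalid/login">'
          "www.corp.example/invoices</a></p>\n")
```

A message that raises any of these flags is a candidate for the two-person verification policy rather than an automatic block, since legitimate external mail can also trip the name check.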
Security awareness is crucial. It’s also a good idea to test your employees with mock phishing emails.