A whaling attack is a method cybercriminals use to impersonate people in higher-level positions within an organization and thereby directly target senior executives or other important people in it, in order to steal money, obtain confidential information or gain access to its computer systems for criminal purposes. Whaling, also known as CEO fraud, is similar to phishing in that it uses methods such as spoofed websites and emails to trick the victim into revealing confidential information or making money transfers, among other actions.
Unlike phishing scams (which have no specific target) and spear phishing (which targets specific people), whaling takes the attack to the next level: it not only targets these important people, it also targets them in a way that makes the fraudulent communications appear to come from an influential person or from someone who holds a higher-level position within the organization. This is where the name "whaling" comes from: a targeted attack aimed at the "big shots" in companies, such as the chief executive officer (CEO) or the finance manager. This brings an element of social engineering to the attack, as employees feel compelled to respond to requests from a person they consider important.
The threat is very present today and continues to grow. In 2016, Snapchat's payroll department received a whaling email that appeared to come from its CEO, requesting information on the payroll of employees. Last year, Mattel (one of the major toy manufacturing companies) was the victim of a whaling attack after a senior financial executive received an email from a scammer impersonating the new CEO and requesting a transfer of money. As a result, the company almost lost $3 million.
HOW WHALING ATTACKS WORK AND HOW TO PROTECT YOURSELF FROM THEM?
As we mentioned earlier, whaling attacks differ from spear phishing in that the fraudulent communications appear to come from a higher-level person. These attacks take on a more legitimate appearance when cybercriminals carefully investigate openly available resources, such as social media, to devise a tailored strategy for each victim they wish to deceive.
One strategy could be an email that appears to come from a higher-level manager and references information the attacker obtained online. For example, they could view photos of the company's Christmas party on social media and send an email with the following message: "Hi John, this is Steve. You were quite drunk at the party last Thursday! I hope you managed to get the beer stain off your red shirt."
Also, the sender's email address generally appears to be legitimate, and the email may even include company logos or links to fraudulent websites designed to look like the real thing. Given that these "big shots" often have high credibility and a high level of access within the organization, the cybercriminal has a very good reason to put more effort into designing an attack that appears more credible.
The first strategy to stay safe from whaling attacks is to educate the important people in the organization so that they stay alert to the possibility of becoming victims of these attacks. Ask key employees to exercise caution when they receive unexpected communications, especially about important information or financial transactions. Always ask yourself a few key questions: were you expecting to receive this email, attachment or link? Is there anything strange about the request?
They also need to be able to detect typical signs of an attack, such as spoofed (fraudulent) email addresses and sender names. By simply hovering over the sender's name in an email, the full email address can be seen. It is then easy to study it carefully and determine whether it exactly matches the company's name and address format. The IT department should carry out whaling tests to assess how key employees react to these attacks.
On the other hand, executives must be especially careful when posting and sharing information online on social media, such as Facebook, Twitter, and LinkedIn. Cybercriminals can use any type of personal information, such as birthdays, hobbies, vacations, job titles, promotions and relationships, to craft more sophisticated attacks.
A great way to reduce the damage that spoofed emails can cause is to have your IT department automatically flag all emails from external sources for review. Generally, whaling attacks rely on tricking important employees into thinking that the messages come from within the organization; for example, a money transfer request submitted by a finance manager. If external messages are flagged, it is easier to detect those that are fraudulent yet at first glance appear legitimate, even for people who do not have much experience.
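The two detection controls described in the preceding paragraphs, checking the full sender address rather than the display name and flagging mail from outside the organization, can be turned into a small mail-filter rule. The following is an added example written for this page, not code from the original post. It assumes a company domain of `example.com`, a constructed executive directory mapping display names to their real addresses, and two constructed sample messages; it also flags a `Reply-To` that diverges from the sender and links that lead off the company domain, which goes a little beyond the text.

```python
"""Heuristic spoofed-sender checks for inbound mail (added example).

COMPANY_DOMAIN and EXECUTIVES are assumed placeholders; the two sample
messages are constructed for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                            # assumed internal domain
EXECUTIVES = {"steve jones": "steve.jones@example.com"}   # constructed directory
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def _domain(addr: str) -> str:
    """Domain part of an address, lower-cased ('' if there is none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def looks_like(domain: str, target: str) -> bool:
    """True for common lookalikes of the company domain: digit-for-letter
    swaps (examp1e.com) or the company name embedded in a foreign domain
    (example.com.evil.net). Real subdomains of the target are not lookalikes."""
    if not domain or domain == target or domain.endswith("." + target):
        return False
    if domain.replace("1", "l").replace("0", "o").replace("rn", "m") == target:
        return True
    return target.split(".")[0] in domain


def analyse(raw: str) -> list[str]:
    """Return the warning flags raised by one RFC 5322 message, in check order."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = _domain(addr)
    if sender_domain != COMPANY_DOMAIN:
        flags.append("EXTERNAL_SENDER")           # the 'flag all external mail' control
    if looks_like(sender_domain, COMPANY_DOMAIN):
        flags.append("LOOKALIKE_DOMAIN")
    expected = EXECUTIVES.get(display.strip().lower())
    if expected and expected != addr.lower():
        flags.append("DISPLAY_NAME_MISMATCH")     # executive's name, wrong address
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and _domain(reply_to) != sender_domain:
        flags.append("REPLY_TO_MISMATCH")         # replies would go somewhere else
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for host in URL_RE.findall(text):
        host = host.split(":")[0].lower()
        if host != COMPANY_DOMAIN and not host.endswith("." + COMPANY_DOMAIN):
            flags.append("EXTERNAL_LINK")         # link points off the company domain
            break
    return flags


# Constructed sample: executive's display name on a lookalike domain.
SPOOFED = """\
From: Steve Jones <steve.jones@examp1e.com>
Reply-To: steve.jones@mail-relay.net
To: john@example.com
Subject: Urgent wire before close of business

Hi John, this is Steve. Please send the payment today via
http://examp1e.com/payments/wire and keep this between us.
"""

# Constructed sample: genuine internal mail with an intranet link.
LEGIT = """\
From: Steve Jones <steve.jones@example.com>
To: john@example.com
Subject: Party photos

Hi John, the photos are on https://intranet.example.com/events/party
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, analyse(sample) or ["no flags"])
```

In practice a rule like this would add a banner or route the message to a review queue rather than block it outright: a genuine external supplier also trips `EXTERNAL_SENDER`, so the value is in making the reader look twice, as the text suggests.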
It is also recommended to implement phishing protection software that includes services such as URL checking and link validation. Another recommended step is to add an additional level of validation for sending sensitive information or large amounts of money. For example, instead of conducting the exchange electronically, an in-person meeting or a phone call may be the best way to perform critical or confidential tasks.
Two is better than one when it comes to scams. Consider modifying your procedures so that two people must authorize payments rather than one. This not only brings in a second person's perspective to resolve doubts, it also reduces the likelihood that the employee will fear retaliation from that higher-level person if they are upset by the rejection of the request, since fear is a key social engineering tactic on which attackers depend.
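The out-of-band confirmation from the previous paragraph and the two-person authorization from this one can be combined into a single payment-release control. The following is an added example for this page, not code from the original post; the names, request id, amount and beneficiary are constructed, and the policy it encodes (a request cannot count as confirmed or approved by the person who raised it, the same person cannot approve twice, and no approval counts until the instruction has been confirmed by phone or in person) is one reasonable reading of the text.

```python
"""Two-person payment authorisation with out-of-band confirmation (added example).

All names, amounts and identifiers below are constructed for illustration.
"""
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when an action would violate the dual-control policy."""


@dataclass
class PaymentRequest:
    request_id: str
    requester: str             # employee who keyed the payment in
    instructed_by: str         # executive named in the (emailed) instruction
    amount: float
    beneficiary: str
    confirmed_by: str = ""     # who verified the instruction out of band
    approvals: set = field(default_factory=set)


class PaymentQueue:
    def __init__(self, required_approvals: int = 2):
        self.required = required_approvals
        self.requests: dict[str, PaymentRequest] = {}

    def submit(self, request_id, requester, instructed_by, amount, beneficiary):
        self.requests[request_id] = PaymentRequest(
            request_id, requester, instructed_by, amount, beneficiary)

    def confirm_out_of_band(self, request_id, confirmed_by):
        """Record that someone other than the requester called the named
        executive back on a known number (or met them) to verify the request."""
        req = self.requests[request_id]
        if confirmed_by == req.requester:
            raise AuthorizationError("requester cannot confirm their own request")
        req.confirmed_by = confirmed_by

    def approve(self, request_id, approver):
        """Add one approval; returns True once the request can be released."""
        req = self.requests[request_id]
        if not req.confirmed_by:
            raise AuthorizationError("instruction not yet confirmed out of band")
        if approver == req.requester:
            raise AuthorizationError("requester cannot approve their own request")
        if approver in req.approvals:
            raise AuthorizationError("same person cannot approve twice")
        req.approvals.add(approver)
        return self.is_releasable(request_id)

    def is_releasable(self, request_id):
        req = self.requests[request_id]
        return bool(req.confirmed_by) and len(req.approvals) >= self.required


def run_demo():
    """Walk one constructed request through the control; return each outcome."""
    q = PaymentQueue()
    q.submit("PR-1", requester="john", instructed_by="steve",
             amount=250_000, beneficiary="ACME Supplies Ltd")
    steps = (
        lambda: q.approve("PR-1", "alice"),           # too early: not confirmed yet
        lambda: q.confirm_out_of_band("PR-1", "alice"),
        lambda: q.approve("PR-1", "john"),            # requester approving himself
        lambda: q.approve("PR-1", "alice"),           # first approval
        lambda: q.approve("PR-1", "alice"),           # same person again
        lambda: q.approve("PR-1", "bob"),             # second, distinct approver
    )
    outcomes = []
    for step in steps:
        try:
            outcomes.append(step())
        except AuthorizationError as exc:
            outcomes.append(str(exc))
    return outcomes


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The important design choice is that the callback to the executive is recorded as a separate step by a separate person: the employee who received the email cannot clear their own request, which is exactly the situation the text describes where fear of the "higher-level person" would otherwise push a single employee into paying.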
To stay safe from these scams, be aware of them and use antivirus software so that you are protected from scam emails that "look real".