Whaling on the oceans may be a thing of the past in most countries, but it’s now a major threat in the cyber world.
Most people have heard of the term phishing but are less familiar with whaling, where criminals pretend to be senior executives by using their email address and sending plausible messages. Like most scams, it relies on the recipient dropping his or her guard when the email arrives. Often, there’s a link in the message to a bogus domain which looks very similar to a website the recipient will be familiar with.
The secure messaging specialist Mimecast estimates that 72 per cent of attacks are messages which claim to be from your company’s CEO and a further 36 per cent claim to come from the finance director. The FBI estimates that 70 per cent of whaling attacks involve some kind of domain spoofing.
Often the criminals rely on information from LinkedIn to gather details about a company executive to help them create a fake ID and devise plausible messages.
In many cases they’re trying to dupe someone into making a wire transfer or sending tax data which contains personal employee information.
How do you minimise the threat?
“There are two things businesses need to do,” says Gary Jowett from Computer & Network Consultants in Brighton. “Tighten-up on cyber security and educate employees about how to spot suspicious messages.”
Education should be ongoing because new people join organisations every year. In fact, it should be a core component of risk management planning. An experienced IT consultant can help you with this.
However, it’s also worth remembering to use common sense.
Most bogus messages purporting to come from senior executives request immediate action. The financial transfer they ask for is almost always under the threshold required for a second signature, so you must learn to spot the tell-tale signs.
“While tightening-up on cyber security can help protect your company, such messages are customised for individual recipients so these won’t be spotted by spam filters,” adds Gary. “So it’s best to be on your guard when a payment transfer request is made at short notice by someone senior.”
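The tell-tale signs described above (an executive's name, a look-alike domain, a demand for immediate action, and a transfer kept under the second-signature threshold) can be checked mechanically as a first pass before a person reviews the message. The following is an added example, not code from the article or from the consultancy quoted in it; the company domain, executive names, threshold and keyword lists are all assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr

# Assumed values for illustration; none of them come from the article.
ORG_DOMAIN = "example-corp.com"          # the company's real mail domain
EXECUTIVES = {"jane doe", "sam patel"}   # senior staff names, lowercase
SECOND_SIGNATURE_THRESHOLD = 10_000      # transfers at or above need two approvers
URGENCY = re.compile(r"\b(urgent|immediately|today|asap|right away)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice)\b", re.I)
AMOUNT = re.compile(r"[£$€]\s?(\d[\d,]*)")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def whaling_signs(from_header, subject, body):
    """Return the warning signs found in one message, in a fixed order."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    text = f"{subject}\n{body}"
    asks_for_payment = bool(PAYMENT.search(text))
    signs = []
    if name.lower() in EXECUTIVES and domain != ORG_DOMAIN:
        signs.append("executive name from outside domain")
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        signs.append("look-alike domain")
    if asks_for_payment and URGENCY.search(text):
        signs.append("urgent payment request")
    amounts = [int(m.replace(",", "")) for m in AMOUNT.findall(text)]
    if asks_for_payment and amounts and max(amounts) < SECOND_SIGNATURE_THRESHOLD:
        signs.append("amount under second-signature threshold")
    return signs

if __name__ == "__main__":
    # Constructed sample message, not a real email.
    print(whaling_signs("Jane Doe <jane.doe@examp1e-corp.com>",
                        "Urgent wire transfer", "Please wire $9,500 today."))
```

A message that forges the company's exact address passes the two domain checks, so the urgency and amount checks are the ones that still apply to it.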