Yellowstone Computing

Don’t Get Hooked By a Whaling Attack

3/14/2020

 
The executives of your company are the big fish in your sea. Yet cybercriminals think of them as whales. In fact, whaling is a new cybersecurity threat targeting the C-suite level.

You’ve likely heard of phishing attacks. Phishers use scam emails or spoofed websites to obtain user credentials or financial information. This might be an email that looks like it is from your bank asking you to log in and update your details, or a supposed tax alert needing immediate action.
A vishing attack is another fraudulent attempt to steal protected data, but the cybercriminals are going to use the phone to make contact. They might pretend to be a vendor needing to confirm account details for bill payment.
There’s also spear phishing. In these cases, the attackers do their homework first and target a specific company. They scour directories and employee social media to gather information to gain credibility.
Now, there are whaling attacks, too. The high-value target is a senior-level employee. The fraudster typically also impersonates one of the target’s C-suite counterparts.

What You Need to Know About Whaling
A whaling attack uses the same methods as phishing but focuses on top-level targets. The goal is to get “whales” to reveal sensitive information or transfer money to fraudsters’ accounts.
Whaling attacks are deliberate and targeted. In ordinary phishing, attackers bait hundreds of hooks and hope for a few nibbles. In whaling, information gathered in advance adds credibility to the social engineering. Because the target has higher value, it’s worth the attackers’ time to appear knowledgeable and to craft a request that goes to someone important and appears to come from someone important.
The sender’s email address will look convincing (e.g. from smithj@companyx.co instead of smithj@companyx.com). The messages will have corporate logos and legitimate links to the company site. Because humans want to help, the communications typically involve an urgent matter.
Whaling attacks are on the rise. In 2016, Snapchat admitted that employee data had been compromised after it received an email, seemingly from its CEO, asking for payroll information.
In another high-profile example, Mattel nearly transferred $3 million to a Chinese account. Company policy required two signatures, but the attackers (taking advantage of a recent shakeup) faked the new CEO’s signature. The second executive went ahead and added a signature. The only thing that saved the company was that it was a Chinese bank holiday.

Protecting Against Whale Attacks
As with phishing or vishing, the primary way to protect against whaling attacks is to question everything. Train your key staff members to guard what they share on social media. Encourage them to question any unsolicited request. If they weren’t expecting an attachment or link, they should follow up. If a request is unusual, they should trust their spidey-sense and proceed with caution.
It’s also a good idea to develop a policy for handling requests for money or personal information. By requiring that two people always weigh in, you’re more likely to catch a scam before it’s too late.
Also, train all your employees to look carefully at email addresses and sender names. They should also know to hover over links (without clicking on them) to reveal the full URL.
Security awareness is crucial. It’s also a good idea to test your employees with mock phishing emails.
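The address check described above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original post: it flags sender domains that sit within a couple of character edits of your real domain (such as companyx.co versus companyx.com) and executive display names arriving from outside the company. The trusted domain, the executive name "John Smith" and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration: your real mail domain and the names of
# executives an attacker is likely to impersonate.
TRUSTED_DOMAINS = {"companyx.com"}
EXECUTIVE_NAMES = {"john smith"}

# Constructed sample From headers (not taken from any real message).
SAMPLES = [
    "John Smith <smithj@companyx.com>",
    "John Smith <smithj@companyx.co>",
    "John Smith <js@mail.example>",
    "News <news@example.org>",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, max_distance: int = 2) -> list[str]:
    """Return the reasons a From header deserves a second look (empty if none)."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    for trusted in sorted(TRUSTED_DOMAINS):
        # A near miss of a trusted domain is the classic lookalike pattern.
        if 0 < edit_distance(domain, trusted) <= max_distance:
            findings.append(f"lookalike domain: {domain} vs {trusted}")
    # An executive's name on mail from any outside domain is also suspicious.
    if display.strip().lower() in EXECUTIVE_NAMES:
        findings.append(f"executive name from external domain: {domain}")
    return findings


if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A check like this only inspects the visible From header, so it complements rather than replaces the two-person approval policy and staff training described above.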
