Whaling: Personalised cyber attacks targeting business leaders
Whaling is a phishing attack that targets the “big fish”, the high-level executives within an organisation, by masquerading as a legitimate email.
As mentioned, whaling attacks are highly targeted, as they seek to trick a specific group of individuals. As such, these targeted phishing emails typically include the name, job title, and company of the person they are seeking to exploit.
The information used in a whaling attack is often gathered before the attack begins, by visiting the company’s website or by searching social media and public records.
These emails often impersonate a reputable individual or organisation, such as another leader within the business, a third-party partner or a bank. As such, these phishing emails can be extremely tricky to spot, making them one of the most dangerous types of social engineering.
These emails may request authorisation for a payment or transaction, or ask the recipient to share personal information.
How to prevent whaling attacks
1. Use advanced threat protection
Instead of waiting for cyber security threats to emerge, an effective cyber security strategy seeks to understand all the potential weak points in an organisation’s digital landscape, thus minimising the risk of cyber security incidents.
2. Email filtering software
An efficient email filtering system can scan for and identify potentially harmful emails and prevent them from landing in your inbox.
3. Multifactor authentication
When a whaling attack has been acted upon, having multifactor authentication in place can help prevent a cybercriminal from gaining unauthorised access to shared data.
4. Cross check to verify contact information
All members of your organisation, from the newest employee to senior directors, should be encouraged to verify requests to share information directly with the individual before sharing.
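To illustrate the kind of checks an email filter (point 2) can run against the emails described above, which impersonate a leader and ask for a payment or information, here is an added Python example. It is not taken from any filtering product; the organisation domain, executive names, keyword list and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed, constructed values: replace with your own domain, leaders and terms.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam patel"}
REQUEST_TERMS = ("payment", "transfer", "invoice", "authorise", "bank details")

def whaling_indicators(raw_message):
    """Return the reasons a message resembles executive impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != ORG_DOMAIN
    reasons = []
    # A leader's name shown on an address outside the organisation's domain.
    if display.strip().lower() in EXECUTIVES and external:
        reasons.append("executive display name on external address")
    # Replies silently routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    # An outside sender asking for a payment or for information to be shared.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if external and any(term in text for term in REQUEST_TERMS):
        reasons.append("external sender requests payment or information")
    return reasons

# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = """\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: accounts@other.test
To: finance@example.com
Subject: Urgent payment

Please authorise the transfer today.
"""
SAMPLE_INTERNAL = """\
From: "Jane Doe" <jane.doe@example.com>
To: board@example.com
Subject: Board agenda

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for name, raw in (("spoof", SAMPLE_SPOOF), ("internal", SAMPLE_INTERNAL)):
        print(name, whaling_indicators(raw))
```

A message that trips these checks is a candidate for quarantine or for the direct verification described in point 4, not proof of an attack.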
Increase your cyber security awareness
It’s crucial to gain an understanding of your business’s cyber security status and provide continuous cyber security and awareness training and support to enhance your cyber security capabilities. This will ensure that your business is well-equipped to tackle any cyber threats that may arise.
Get in touch to find out more about how our cyber security solutions can help.