Whaling: Personalised cyber attacks targeting business leaders

Whaling is a phishing attack that masquerades as a legitimate email and targets the “big fish”: the high-level executives within an organisation.

As mentioned, whaling attacks are highly targeted: they seek to trick a specific group of individuals. As such, these targeted phishing attacks may include the name, job title, and company of the person they are seeking to exploit.

Information used in a whaling attack is often gathered before the attack begins, by visiting the company’s website or by searching social media and public records.

These emails often impersonate a reputable individual or organisation, such as another leader within the business, a third-party partner or a bank. As such, these phishing emails can be extremely tricky to spot, making them one of the most dangerous types of social engineering.

These emails may request authorisation for a payment or transaction, or ask the recipient to share personal information.

How to prevent whaling attacks

1. Use advanced threat protection

Instead of waiting for cyber security threats to emerge, an effective cyber security strategy seeks to understand all the potential weak points in an organisation’s digital landscape, thus minimising the risk of cyber security incidents.

2. Email filtering software

An efficient email filtering system will be able to scan and identify potentially harmful emails and prevent them from landing in your inbox.

3. Multifactor authentication

When a whaling attack has been acted upon, having multifactor authentication in place can help prevent a cybercriminal from gaining unauthorised access to shared data.

4. Cross-check to verify contact information

All members of your organisation, from the newest employee to senior directors, should be encouraged to verify a request to share information directly with the individual concerned before sharing anything.
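
As an illustration of the kind of check an email filter (step 2) can apply to the impersonation pattern described earlier, here is an added example that is not part of the original article. The domain, executive names, request terms and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: the organisation's mail domain and its leaders' names.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe", "sam patel"}
REQUEST_TERMS = ("payment", "transfer", "invoice", "bank details", "authoris", "authoriz")

# Constructed sample messages, not real mail.
SPOOFED = ('From: "Jane Doe" <jane.doe@example-corp.test>\n'
           "Reply-To: accounts@mail-relay.test\n"
           "Subject: Urgent payment authorisation\n\n"
           "Please authorise the attached transfer today.\n")
GENUINE = ('From: "Jane Doe" <jane.doe@example.com>\n'
           "Subject: Board meeting agenda\n\n"
           "Agenda attached for Thursday.\n")
VENDOR = ('From: "Billing" <billing@vendor.test>\n'
          "Subject: Invoice 1042\n\n"
          "Your monthly invoice is attached.\n")

def _domain(address):
    return address.rpartition("@")[2].lower()

def whaling_indicators(raw_message):
    """Return the whaling indicators present in one plain-text message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    found = []
    # A leader's display name on an address outside the organisation's domains.
    if " ".join(name.lower().split()) in EXECUTIVES and _domain(addr) not in INTERNAL_DOMAINS:
        found.append("executive_name_external_sender")
    # Replies silently routed to a different domain than the visible sender.
    if reply_addr and _domain(reply_addr) != _domain(addr):
        found.append("reply_to_domain_mismatch")
    # Wording that asks for a payment, transaction or account details.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(term in text for term in REQUEST_TERMS):
        found.append("payment_or_data_request")
    return found

def verdict(raw_message):
    """Quarantine impersonation backed by a second indicator; flag anything else suspicious."""
    hits = whaling_indicators(raw_message)
    if "executive_name_external_sender" in hits and len(hits) >= 2:
        return "quarantine"
    return "flag" if hits else "deliver"
```

The From comparison assumes sender authentication (SPF, DKIM, DMARC) is enforced upstream, since an unauthenticated From header can claim the internal domain. A flagged message is a prompt for the direct verification in step 4, not a final judgement.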

Increase your cyber security awareness

It’s crucial to gain an understanding of your business’s cyber security status and provide continuous cyber security and awareness training and support to enhance your cyber security capabilities. This will ensure that your business is well-equipped to tackle any cyber threats that may arise.

