
Whaling Attacks Explained: Why CEOs and Executives Are Prime Targets

By Ryan Jason

Cybercrime is constantly evolving, and criminals have become both more sophisticated and more selective in their targets. One example of such a targeted attack is the whaling attack, a form of phishing aimed at the top-level executives and decision-makers of an organization. Unlike ordinary phishing emails, which are sent broadly in the hope of catching anyone, whaling attacks are narrowly tailored to hook the "big fish": CEOs, CFOs, COOs and other senior executives.

This article explains what whaling attacks are, why executives are the primary target, and what organisations can do to protect themselves against these highly effective scams.

What Is a Whaling Attack?

A whaling attack is a type of spear-phishing in which the victims are senior executives. The attacker poses as a trusted entity or employee in order to coax the victim into divulging sensitive information, moving funds, or opening an attachment or link that infects the victim's system with malware.

The name comes from the idea of going after the big fish, in contrast to ordinary phishing (which targets users at large) and spear-phishing (which targets particular individuals). Because executives typically have access to the most critical company data, financial records and strategic decisions, the consequences of a successful whaling attack can be disastrous financially, operationally and reputationally.

Methods Used in Whaling Attacks

Whaling attacks are sophisticated and often hard to identify. The attackers take time to research the target so that their message looks legitimate and urgent. Some of the common methods are:

Spoofed email addresses: The attackers send from addresses that closely resemble the company's real ones, typically a look-alike domain they have registered that differs from the genuine domain by a swapped, added or visually similar letter. A related trick is display-name spoofing, where the "From" name shows the executive's name but the underlying address belongs to an unrelated mailbox.

Social engineering: The messages refer to actual projects, customers or events the victim is involved in, so the email feels genuine. Much of this detail is gathered from public sources such as press releases, company websites and social media.

Impersonation of authority: The attacker may pose as a trusted colleague, legal counsel, a vendor, or even another executive, and demand that something be done urgently.

Urgency and pressure: Many whaling emails are phrased to create time pressure ("This must be done by the end of the day") so the recipient does not stop to verify the request.

A typical example is an email purporting to come from the company's CEO asking the CFO to wire money to a vendor immediately, or requesting that employees' tax information be sent to an outside consultant.
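The two address tricks described above (look-alike domains and display-name spoofing) can be caught mechanically before a human ever reads the message. The following is an added example, not code from the original article: it assumes the organisation's real domain is example.com and that the names in EXECUTIVES are its executives, and the From: headers in the usage block are constructed for illustration. It folds confusable character sequences (rn for m, 1 for l, and so on) before comparing the sender's domain to the real one, and separately flags messages whose display name is an executive's but whose address is external.

```python
"""Flag sender addresses that imitate the organisation's own domain.

Added example (not from the original article). Assumptions: the company's real
mail domain is example.com and EXECUTIVES holds the names an attacker would
impersonate. All From: headers used below are constructed samples.
"""
from email.utils import parseaddr

ORG_DOMAIN = "example.com"             # assumption: the company's real mail domain
EXECUTIVES = {"jane doe", "john roe"}  # assumption: display names worth protecting

# Character sequences attackers substitute so a look-alike reads like the real
# domain. Keys are what appears in the fake; values are what the eye sees.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "i": "l", "cl": "d"}


def normalize(domain: str) -> str:
    """Lower-case the domain and fold confusable sequences to their look-alike."""
    folded = domain.lower()
    for fake, real in CONFUSABLES.items():
        folded = folded.replace(fake, real)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance: single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'internal', 'lookalike-domain', 'display-name-spoof' or 'external'."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "external"
    domain = addr.rsplit("@", 1)[1].lower()
    if domain == ORG_DOMAIN:
        return "internal"
    # Compare only the first label (example vs examp1e), ignoring the TLD, so a
    # look-alike on a different TLD such as example.co is also caught. A label
    # that merely contains the brand (example-payments) is flagged as well.
    org_label = ORG_DOMAIN.split(".")[0]
    sender_label = normalize(domain).split(".")[0]
    if org_label in sender_label or levenshtein(sender_label, org_label) <= 2:
        return "lookalike-domain"
    if name.strip().lower() in EXECUTIVES:
        return "display-name-spoof"
    return "external"


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    samples = [
        "Jane Doe <jane.doe@example.com>",
        "Jane Doe <jane.doe@exarnple.com>",
        "Accounts Payable <ap@examp1e.co>",
        "Jane Doe <jane.doe1982@gmail.com>",
        "Vendor Billing <billing@vendor.net>",
    ]
    for header in samples:
        print(f"{classify_sender(header):20} {header}")
```

Anything other than "internal" or "external" deserves a warning banner or a quarantine rule. The confusable table and the distance threshold are deliberately simple; a production filter would use the Unicode confusables data and compare against every domain the company owns, but the structure of the check is the same.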

Why Are CEOs and Executives Prime Targets?

1. Access to Critical Information

Executives have access to sensitive company data such as financial records, intellectual property and staff information. That makes them valuable targets for cybercriminals who want to steal or sell that information.

2. Decision-Making Authority

Executives are usually authorised to make large financial decisions, sign contracts, and bypass some approval steps. Criminals exploit this authority by tricking executives into sending money or disclosing confidential company data.

3. Busy Schedules

Senior leaders are busy, with many activities and meetings competing for their attention. They are therefore more likely to skim their emails and respond without questioning whether a request is genuine.

4. Strong Reputational Effect

An attack on an executive can cause greater reputational damage to a company than one on an ordinary employee. A successful attack can undermine investor confidence, strain client relationships and harm the credibility of the brand.

Real-World Impact of Whaling Attacks

Whaling attacks have caused large losses at global companies. For example, in 2015 a whaling scheme cost Ubiquiti Networks $46.7 million: fraudsters impersonated company officials and tricked finance staff into transferring millions to accounts abroad controlled by the attackers.

Incidents like this show how effective such scams can be, even against organisations with otherwise solid cybersecurity.

What You Can Do to Safeguard Your Organization Against Whaling Attacks

Although whaling attacks are highly targeted, the following measures help companies reduce the risk:

1. Employee Training and Awareness

Train executives and employees about the dangers of whaling attacks and how to identify suspicious emails. Regular phishing simulations reinforce best practices.

2. Verify Requests Through a Second Channel

Adopt a policy that any request for funds or sensitive information is confirmed through a separate channel, such as a phone call to a number already on file or a face-to-face conversation. Never confirm by replying to the email or by calling a number given in it, since the attacker controls both.

3. Deploy Advanced Email Security

Use email filtering, publish the anti-spoofing standards SPF, DKIM and DMARC for your domains, and tag email from external senders so recipients can see when a message claiming to be from a colleague originated outside the organisation. Note that SPF, DKIM and DMARC only stop attackers from sending as your exact domain; they do nothing against look-alike domains or display-name spoofing, which is why external-sender tagging and out-of-band verification still matter.
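A DMARC record that is published but left at p=none, or an SPF record that ends in ?all, gives receivers no basis to reject spoofed mail, which is a common state for domains that "have DMARC". The following is an added example, not code from the original article: it audits SPF and DMARC TXT record strings for the settings that leave a domain spoofable and shows a weak record beside its hardened form. The record strings are constructed for illustration; in practice you would fetch the real ones with dig TXT example.com and dig TXT _dmarc.example.com, and the domain and report address are assumptions.

```python
"""Audit SPF and DMARC TXT records for settings that leave a domain spoofable.

Added example (not from the original article). The records below are
constructed samples; example.com and the rua= address are assumptions.
"""

# Weak settings beside their corrected forms (constructed samples).
WEAK_SPF = "v=spf1 include:_spf.example.net ?all"
HARDENED_SPF = "v=spf1 include:_spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none; pct=10"
HARDENED_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"

# Mechanisms and modifiers that cost a DNS lookup; RFC 7208 allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_tags(record: str) -> dict:
    """Turn 'v=DMARC1; p=reject; pct=100' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(record: str) -> list[str]:
    """Return a list of weaknesses in an SPF record; empty means it looks sound."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("'+all' lets any host send as this domain")
    elif last == "?all":
        findings.append("'?all' (neutral) gives receivers no basis to reject spoofed mail")
    elif last == "~all":
        findings.append("'~all' (softfail) is tolerated by many receivers; use '-all' once DMARC is enforcing")
    elif last != "-all":
        findings.append("no terminal 'all' mechanism; unlisted hosts are treated as neutral")
    lookups = 0
    for term in terms[1:]:
        name = term.lstrip("+-~?").split(":", 1)[0].split("=", 1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10; receivers return permerror")
    return findings


def audit_dmarc(record: str) -> list[str]:
    """Return a list of weaknesses in a DMARC record; empty means it looks sound."""
    findings = []
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam rather than rejecting it")
    elif policy != "reject":
        findings.append("missing or invalid p= tag")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
        findings.append("pct= is not a number")
    if 0 < pct < 100:
        findings.append(f"pct={pct} applies the policy to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so you receive no aggregate reports about spoofing attempts")
    return findings


if __name__ == "__main__":
    for label, record, audit in [
        ("weak SPF", WEAK_SPF, audit_spf),
        ("hardened SPF", HARDENED_SPF, audit_spf),
        ("weak DMARC", WEAK_DMARC, audit_dmarc),
        ("hardened DMARC", HARDENED_DMARC, audit_dmarc),
    ]:
        print(f"{label}: {record}")
        for finding in audit(record) or ["OK"]:
            print(f"  - {finding}")
```

Move to p=reject only after reviewing the aggregate reports that rua= delivers, since every legitimate sender (marketing platforms, ticketing systems, payroll providers) must be covered by SPF or DKIM first or its mail will start bouncing.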

4. Restrict Access and Require Approvals

Require multi-person approval for sensitive operations such as wire transfers, with no exception for senior executives, so that a single deceived or compromised person cannot authorise a transfer alone.

5. Review and Update Policies on a Regular Basis

Make sure your company's cybersecurity policies cover whaling and other phishing attacks, and set out both the steps to prevent them and the actions to take if one succeeds.

Conclusion

Whaling attacks are among the most dangerous forms of cybercrime because they target the people at the top of the organisation, who have the greatest authority and access. By understanding why executives are targeted and putting effective preventive measures in place, companies are better placed to protect themselves against such high-stakes fraud.

In the digital era nobody is spared, the CEO included. The key to staying ahead of attackers is to remain vigilant and build a culture of cybersecurity awareness at every level of the business.
