A whaling attack, also known as a whale phishing attack, is a common cyber-attack that targets high-profile employees, such as a CEO or CFO, because they are likely to have access to more confidential data, intellectual property, and other sensitive information. In many cases, the attacker's goal is to influence the victim into authorizing high-value wire transfers to the attacker.
Many whale phishing emails are designed to support fraudulent wire transfers. What exactly is a whaling attack, and how can you stay protected? Let us find out.
How does a Whaling Attack work?
A whaling attack is a type of phishing attack that targets wealthy, prominent, and high-profile individuals. In this cyber-attack, a highly customized phishing email, which includes the target's name, job title, and other relevant information, is sent to the high-profile target. The email includes a link that redirects the target to a phishing page that harvests the target's corporate or personal information. Because of their highly targeted nature, whaling attacks are usually much harder to detect than standard phishing attacks: the sender's email address and the links used in the email are designed to look legitimate.
Whaling attack history
In 2016, Snapchat's payroll department received a whaling email that purported to come from the CEO asking for employee payroll information. In response to the email, the payroll staff disclosed all of the company's payroll data to a scammer. In March 2016, an executive at Seagate responded to a whaling email that requested the W-2 forms for all current and former employees. This incident caused a breach of income tax data for almost 10,000 Seagate employees. Toy giant Mattel lost over $3 million after a senior finance executive fell victim to a whaling email attack. The email claimed to come from the new CEO and requested a wire transfer.
Defending against Whaling attacks
Neumetric, a cybersecurity services, consulting & product organization, can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for organizations of all sizes & in multiple industries make it easier for us to quickly cut activities that do not bring value to you, while you continue focusing on the business objectives of the Organization.
Cybersecurity experts at Neumetric recommend never clicking on links or attachments in emails that come from anonymous sources. It is always best to verify the legitimacy of the source before responding to an email. Any email that asks for personal or financial information should be treated with suspicion. High-level executives should take extra caution when posting and sharing personal information on social media. Additionally, educating employees on how to identify phishing emails is highly recommended.
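The verification advice above can be partly automated at the mail gateway. The following added example (not Neumetric's code, not from the original article) flags the traits this article describes in a whaling email: an executive's display name on a message from an outside domain, a Reply-To that silently redirects replies elsewhere, and a request for payroll data, W-2 forms or a wire transfer. The corporate domain, the executive names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (hypothetical): our domain and the executives most likely to be impersonated.
CORP_DOMAIN = "example.com"
EXEC_NAMES = {"jane doe", "john roe"}
# Requests the article describes: wire transfers, W-2 forms, payroll data.
SENSITIVE_REQUEST = re.compile(r"\b(wire transfer|w-?2|payroll)\b", re.I)

def sender_parts(header):
    """Return (display name, address, domain), lower-cased, for a From/Reply-To header."""
    name, addr = parseaddr(header or "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip().lower(), addr.lower(), domain

def whaling_indicators(raw_message):
    """Return the list of whaling indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    name, addr, domain = sender_parts(msg["From"])
    # An executive's name in the display name, but the mail did not come from our domain.
    if name in EXEC_NAMES and domain != CORP_DOMAIN:
        findings.append("executive display name from external domain")
    # Replies quietly routed to a mailbox on a different domain than the sender.
    _, rt_addr, rt_domain = sender_parts(msg["Reply-To"])
    if rt_addr and rt_domain != domain:
        findings.append("reply-to domain differs from sender domain")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if SENSITIVE_REQUEST.search(text):
        findings.append("requests payroll/W-2/wire transfer")
    return findings

# Constructed sample messages, not real mail.
SUSPICIOUS = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: ceo.office@mail-relay.example.net
Content-Type: text/plain; charset="utf-8"

Please send me the W-2 forms for all current and former employees today.
"""
BENIGN = """\
From: Jane Doe <jane.doe@example.com>
Content-Type: text/plain; charset="utf-8"

Are we still on for lunch tomorrow?
"""
```

Calling `whaling_indicators(SUSPICIOUS)` returns all three indicators, while `whaling_indicators(BENIGN)` returns an empty list; a hit on the first indicator alone is usually enough to route the message to manual verification.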