Most people have experienced a “phishing” attempt at some point in their lives. Phishing is typically a large-scale attempt at getting computer users to give up personal or business information for malicious reasons. These normally come in the form of an email doctored to look like it is from a reputable source to lower the guard of the recipient. They cast a wide net, sending thousands of emails a day in hopes of catching something worthwhile. There are many variations of this type of attack and today we will be taking a closer look at “Whaling”.
Some common themes of a Whaling attack include:
- Targeting top level employees like CEOs, owners and office managers.
- Clean and convincing logos, websites and email account names.
- Requests from seemingly known sources asking for a wire transfer or password.
- They try to create a sense of panic in hopes you rush past the red flags.
You may even receive an email from an address you recognize as a known safe source. It is not uncommon for these attacks to propagate from a person you know that had their account hacked. Now that the attacker has THEIR contact list, they have YOUR email address and can masquerade as a someone you are familiar with. All in the hopes that you don’t think too much about it and provide them either money or information.
A good number of people feel like they could see an attack like this coming from a mile away, and maybe some can. But the reason the types of attacks continue is because people keep taking the bait. According to The New York Times, 20,000 CEOs were targeted in a large scale Whaling attack. Of these 20,000, over 2000 voluntarily gave up their passwords.
So, what can you do to stay safe?
- Be mindful of what you click. Take a moment to hover your cursor over the link and make sure the destination looks legitimate. Look at the sending address, is it spelled correctly? This time spent will be well worth it.
- Always confirm before completing wire transfers originating from an emailed request
- Use an email monitoring service like Mimecast. Mimecast has a feature called Impersonation Protection. (see video below)
- Unlike other spam messages, Whaling attempts don’t typically have the same signs of spam that would set off a filter.
- This Mimecast add-on service can look for combinations of key identifiers found in these attacks and show if a message originated from outside your environment.