Whaling, whale phishing or whaling phishing, call it whatever you may; it is one of the most well-planned attacks on the whales, aka the C-suite executives of an organization.
The aim of whale phishing is to trick executives into doing what the attackers want them to do. That could range from siphoning money to stealing sensitive and confidential data.
So, what exactly is whaling phishing?
Whaling Phishing Attack: The Definition, Identification, and Prevention
Before I talk about what whaling phishing is, understand this:
In about 72% of whaling attacks the attackers pretended to be the CEO, while 36% were attributed to the CFO.
Note: If you are a small business owner or run a medium-size enterprise, you can be at higher risk for a variety of reasons, the most prominent being –
LACK OF PROPER CYBERSECURITY MEASURES IN PLACE.
What Is a Whaling Phishing Attack?
A whaling phishing attack, as defined by Toolbox, is a cyber-attack in which cybercriminals disguise themselves as members of the senior management team or other high-powered executives of an organization to target individuals within it, either to siphon off money or to access sensitive information for malicious purposes.
How Does Whaling Work?
Whaling attackers do a lot of groundwork before they attack their target. The groundwork includes –
- Stalking the target’s social media profiles
- Gathering information on all the deals the individual is involved in
- Finding out about any current turmoil in the organization
- Studying the target’s patterns – what the person likes to eat and drink, where they go on holiday – yes, it is stalking, but digital stalking
Once all these details are obtained, the attackers craft a call, an email or an SMS that looks believable enough for the target to take the required action.
How to Identify a Whaling Phishing Attack?
- Red-flag all emails coming from external sources
- Cross-check every sensitive request received
- Watch out for near-similar (look-alike) email domains
- Look out for suspicious links in the received email
- Try to confirm the source of unsolicited attachments
- Look for spelling errors, grammatical issues and changes in writing style
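The red flags above can be turned into a simple triage check that a mail-security or SOC team could run over incoming messages before they reach an executive's inbox. The following is an added example and is not code from the original post; the company domain, the executive directory and the two sample messages are all constructed for illustration, and the "urgent wording" word list is an assumption. It scores a message by counting which red flags fire: external sender, a domain within one or two edits of the company's own (the near-similar domain check), an executive's display name on a foreign address, a Reply-To that differs from the sender, links pointing off the company domain, and urgent money-related wording.

```python
"""
Heuristic whaling-email triage (added example, constructed data).
Scores a message against the red flags listed in the post and reports
which ones fired so an analyst can prioritise review.
"""
import re
from urllib.parse import urlparse

COMPANY_DOMAIN = "example-corp.com"                       # constructed
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}    # constructed directory
URGENT_WORDS = ("urgent", "wire", "transfer", "confidential", "immediately")  # assumption


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; used to spot near-similar domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_address(header: str):
    """Split 'Display Name <user@domain>' into (display_name, address)."""
    m = re.match(r'\s*"?([^"<]*)"?\s*<([^>]+)>', header)
    if m:
        return m.group(1).strip(), m.group(2).strip().lower()
    return "", header.strip().lower()


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1]


def triage(msg: dict) -> dict:
    """Return {'score': int, 'flags': [...]} for a dict with
    'from', 'reply_to', 'subject' and 'body' keys."""
    flags = []
    name, sender = parse_address(msg["from"])
    sdom = domain_of(sender)
    # Red flag: mail from an external source
    if sdom != COMPANY_DOMAIN:
        flags.append("external sender")
        # Red flag: near-similar domain (one or two edits from ours)
        if 0 < levenshtein(sdom, COMPANY_DOMAIN) <= 2:
            flags.append(f"look-alike domain {sdom}")
    # An executive's display name on an address that is not theirs
    exec_addr = EXECUTIVES.get(name.lower())
    if exec_addr and sender != exec_addr:
        flags.append(f"display name impersonates {name}")
    # Reply-To pointing somewhere other than the sender
    if msg.get("reply_to"):
        _, reply = parse_address(msg["reply_to"])
        if reply != sender:
            flags.append("reply-to differs from sender")
    # Red flag: suspicious links (host outside the company domain)
    for url in re.findall(r"https?://[^\s<>\"']+", msg["body"]):
        host = urlparse(url).hostname or ""
        if not host.endswith(COMPANY_DOMAIN):
            flags.append(f"external link {host}")
    # Sensitive / urgent request wording (two or more keywords)
    text = (msg["subject"] + " " + msg["body"]).lower()
    hits = [w for w in URGENT_WORDS if w in text]
    if len(hits) >= 2:
        flags.append("urgent/sensitive request wording: " + ", ".join(hits))
    return {"score": len(flags), "flags": flags}


SAMPLE_MESSAGES = [  # constructed: one benign internal mail, one whaling attempt
    {"from": "Jane Doe <jane.doe@example-corp.com>", "reply_to": "",
     "subject": "Board deck",
     "body": "Slides at https://intranet.example-corp.com/deck"},
    {"from": "Jane Doe <jane.doe@examp1e-corp.com>",
     "reply_to": "ceo.office@mail-relay.net",
     "subject": "URGENT wire transfer",
     "body": "Please transfer immediately, confidential. Details: https://docs.mail-relay.net/inv"},
]


def triage_all(messages=SAMPLE_MESSAGES):
    """Triage every message and return the list of results."""
    return [triage(m) for m in messages]


if __name__ == "__main__":
    for m, result in zip(SAMPLE_MESSAGES, triage_all()):
        print(m["subject"], "->", result["score"], result["flags"])
```

The benign message scores 0; the constructed whaling attempt fires all six checks. In practice the score would feed a quarantine or "verify by phone" banner rather than an automatic block, since the cross-check step in the list above is still a human one.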
Some Practices to Help You Stay Alert and Avoid Whaling Phishing Attacks
- Make awareness of whaling phishing attacks a priority, especially for SMEs and MSMEs
- Ensure that senior management, including the CEO and CTO, are stakeholders
- Clear and regular communication with your staff and all stakeholders about whaling phishing is a must
- Ensure there is whaling phishing training in your company, and keep the training simple and jargon-free
- Regular whaling phishing drills will ensure that everyone is ready when an actual attack happens
- Empower employees at all levels, and encourage an open-door policy in your organization
These are a few of the practices that help keep you safe from a whaling phishing attack.
Remember, prevention is always better than cure. Follow safe online habits and ensure robust cybersecurity.
6 thoughts on “W is for Whaling — An Attack on Whales!”
Great information. Thank you!
Thank you for stopping by and appreciating the post.
It is so scary. Even the tech-savvy, educated people fall prey to their well-laid-out web. Thanks for sharing this information Swati!
Thank you for visiting my A to Z blog. Where I work, we do get regular cybersecurity training, but all you need is one employee who is distracted or perhaps not feeling well, and lets down his/her guard for just a second. Constant training and drills really are the key and you explained this concept in such simple terms. Alana ramblinwitham
Thank you for dropping by Alana. Yes, it takes one distracted employee for hackers to take advantage. Thank you for your kind words.