Whaling consists of targeting high-profile persons with extremely well-crafted emails.

Ivan K.
25 Apr 2019

What is whaling, and how do cybercriminals use it?

Whaling here has nothing to do with the sea: it is a type of cyberattack that uses spear-phishing techniques to go after a high-profile target. It is closely related to CEO fraud, and the difference from ordinary spear-phishing is that it leans on email and website spoofing to trick the victim into performing a specific action, such as revealing sensitive data or approving a wire transfer. Online communication has made all of this possible, and as Homer Simpson once said, "The problem with the world today is communication... too much communication." So on one hand, phishing scams target random individuals and spear-phishing targets specific individuals or organizations; on the other hand, whaling goes to the next level by targeting the chosen victim with communications that appear to come from someone high up in their own organization, such as the CEO or the finance manager, the so-called "big fish". This type of scam requires a lot of preparation and research to be executed successfully.

How do whaling attacks work and how do we prevent such scams?

As mentioned above, whaling attacks need more detailed research and careful planning than standard phishing and spear-phishing attacks.

First, the perpetrators study social media and public company information to build a profile of the target and a plan of attack. In some cases they also plant malware or compromise a mailbox inside the targeted network so that they can read genuine correspondence and gather detailed information about the victim. To impersonate a high-value person, the cybercriminals take the time to learn how that person writes, find a plausible way to approach the victim, and work out what they can get from the victim before the attack itself takes place. When the time comes, the perpetrators send a detailed email, for example about an upcoming payment, that redirects the money to a different bank account while using the same writing style and the same invoice layout as the genuine correspondence. The sender's address typically looks like it comes from a believable source (the CEO, a business partner, a senior manager) and the message may carry corporate logos, copies of real invoices, or links to a fraudulent website that has also been designed to look legitimate. A whaling attack will often use a domain name that looks very much like the trusted domain name, but with subtle and almost imperceptible changes. Because a whale's level of trust and access within the organization tends to be high, it is worth the cybercriminal's extra effort to make the exchange feel as natural as possible. With cybercrime rising in recent years, businesses must be aware of this kind of attack.

What measures could be taken to increase the level of security and awareness among the employees of corporations?

Defending against whaling attacks starts with educating key figures within your organization so that they are routinely on guard about the possibility of being targeted. Key staff members should be encouraged to maintain a healthy level of suspicion towards unsolicited contact, especially when it concerns important information or financial transactions. Employees should also be trained to look for the telltale signs of an attack, such as spoofed email addresses and display names. Hovering the cursor over a sender's name reveals the full address; looked at carefully, it is possible to spot whether it exactly matches the company's domain and address format or differs by a single swapped character. Our Email Protector browser extension does that check for you even on a bad day, when you have no spare time to hover over anything. Senior staff and executives should keep in mind that cybercriminals can use every bit of information they post and share on social media sites such as Facebook, Twitter and LinkedIn. Details such as birthdays, hobbies, holidays, job titles, promotions and relationships can all be used to craft more convincing attacks. You can reduce the danger posed by spoofed emails by having your IT department automatically flag messages that arrive from outside your network for review, and by enforcing sender authentication (SPF, DKIM and DMARC) so that messages from domains that fail verification are quarantined before they reach an inbox. Finally, add another level of validation whenever sensitive information is shared or a large sum is wired.
For example, a quick phone call to a number you already know, rather than a reply to the email, is the best practice for handling critical or sensitive tasks instead of simply carrying out the transaction electronically.

Things to keep in mind about whaling attacks:

  • A whaling attack will often use a domain name that looks very similar to the trusted domain name, but with subtle and almost imperceptible changes.
  • Research whether the sender's domain was registered recently or has a newly created MX record; both often give away suspicious activity.
  • Watch for suspicious keywords in the body of the message, typically phrases such as "bank transfer" or "wire transfer".
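As an added illustration of the checks discussed above (comparing the sender's address with the company domain, flagging external senders, spotting look-alike domains and money-related phrasing), the following Python script triages a raw message. It is not part of this article or of the Email Protector product; the trusted domain, the protected executive names, the confusable-character table and both sample messages are constructed assumptions. Domain-age and MX-record checks need live WHOIS/DNS lookups and are deliberately left out so the script runs offline.

```python
"""Offline triage of an inbound email for common whaling / CEO-fraud tells."""
import email
import unicodedata
from email import policy
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-corp.com"   # assumption: the organization's own mail domain
PROTECTED_NAMES = {"jane doe"}        # assumption: executives whose names an attacker would borrow
MONEY_PHRASES = ("wire transfer", "bank transfer", "new account", "urgent payment")
# Glyphs and digraphs commonly swapped in look-alike domains (rn -> m, 0 -> o, ...).
# Keep this table small: it is applied to the trusted domain too, so an entry that
# occurs legitimately in your own domain name would weaken the comparison.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def fold_domain(domain: str) -> str:
    """Lower-case, strip accents and collapse confusables so look-alikes compare equal."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance: a domain one or two edits from the trusted one is the classic typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def classify_domain(domain: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' relative to the trusted domain."""
    if domain == trusted or domain.endswith("." + trusted):
        return "internal"
    if fold_domain(domain) == fold_domain(trusted) or levenshtein(domain, trusted) <= 2:
        return "lookalike"
    if trusted in domain:   # e.g. example-corp.com.evil.net or example-corp.com-secure.net
        return "lookalike"
    return "external"


def triage(raw_message: str) -> dict:
    """Parse one RFC 5322 message and return the findings a reviewer would want to see."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = domain_of(from_addr)
    body = msg.get_body(preferencelist=("plain",))
    text = ((body.get_content() if body else "") + " " + str(msg.get("Subject", ""))).lower()

    findings = []
    kind = classify_domain(from_domain)
    if kind != "internal":
        findings.append(f"{kind}-sender:{from_domain}")
    # A protected executive's name on a message that did not come from our own domain.
    if kind != "internal" and any(name in display_name.lower() for name in PROTECTED_NAMES):
        findings.append("executive-name-spoof")
    # Replies silently routed to another domain: the From header alone is not enough.
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"reply-to-mismatch:{domain_of(reply_to)}")
    hits = [phrase for phrase in MONEY_PHRASES if phrase in text]
    if hits:
        findings.append("money-keywords:" + ",".join(hits))

    if any(f.startswith(("lookalike-sender", "executive-name-spoof", "reply-to-mismatch")) for f in findings):
        verdict = "hold"      # do not deliver until a human has looked at it
    elif findings:
        verdict = "review"    # external sender and/or money talk: flag it for the recipient
    else:
        verdict = "ok"
    return {"from": from_addr, "domain_class": kind, "findings": findings, "verdict": verdict}


# Constructed sample messages (not real traffic).
SUSPECT_MAIL = """\
From: "Jane Doe, CEO" <jane.doe@example-c0rp.com>
Reply-To: ceo.jane.doe@freemail-example.net
To: cfo@example-corp.com
Subject: Urgent supplier payment
Content-Type: text/plain; charset="utf-8"

Hi, I am tied up in meetings all day. Please process the wire transfer to the
supplier's new account before 3pm; I will send the invoice separately.
"""

LEGIT_MAIL = """\
From: "Jane Doe" <jane.doe@example-corp.com>
To: cfo@example-corp.com
Subject: Q2 budget
Content-Type: text/plain; charset="utf-8"

Attached is the Q2 budget for your review. No action needed before Monday.
"""

if __name__ == "__main__":
    for sample in (SUSPECT_MAIL, LEGIT_MAIL):
        print(triage(sample))
```

The suspect message is held for three independent reasons (look-alike domain, an executive's name on a non-internal sender, and a Reply-To that points elsewhere), so a single miss in the recipient's attention is not enough for it to get through; the genuine message from the real domain produces no findings. A production filter would add the domain-age and MX checks from the list above and act on SPF/DKIM/DMARC results, which this offline example cannot see.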

Reported figures show how much this kind of attack has grown over the last several years:

  • Since 2013, more than $12 billion has been unwittingly sent by 78,617 firms through the successful exploitation of CFOs and finance leaders in the U.S., UK and Europe, according to research reported by Forbes magazine.
  • The FBI reported that companies lost nearly $215 million in 2014 as a result of phishing attacks.
  • Whaling attack instances are on the rise in the U.S., up more than 270% from January to August 2015. The FBI reports that business losses due to whaling attacks totaled more than $1.2 billion in just over two years.
  • In 2016, the Verizon DBIR reported 61 phishing attacks targeting finance teams. That number rose to 170 in 2017, nearly a 200% increase. According to the cyber security provider Smarttech 247, the number of whaling attacks tripled in 2017, with companies of all sizes being targeted.

Ivan K.

Ivan is a cyber security specialist with a keen interest in the latest cyber security trends. He is an expert in the area of phishing and whaling mitigation and has strong knowledge of business risk evaluation.
