Whaling likely to increase in frequency and severity
Emails. They’re annoying and frustrating, but email is still the favourite method of enterprise communication because it is easy to use and found everywhere. It’s no wonder, then, that it is also the favourite attack vehicle of cybercriminals.
Whatever you choose to call it, whether whaling, phishing or BEC (Business Email Compromise), this form of attack will be a growing concern for enterprise security officers for the foreseeable future.
Whaling/BEC, as opposed to phishing, is a highly targeted attack aimed at C-level executives who, because of a lack of education and/or training, are tricked into handing over the “keys to the kingdom” – the company’s financial details.
The following links, including practical guides, all relate to whaling. White papers are available in our download section.
Phishing: it’s not a gentlemanly sport
Unlike whaling, which is aimed at the company’s “big fish” (hence the term), phishing is aimed at everyone else. It uses a wholesale approach rather than the exclusive retail approach used with whaling, so cybercriminals rely on sending email in volume to catch their prey.
Many different phishing email strategies are used, but most rely on fear or avarice to entice victims: news of a compromised personal account that requires immediate information verification, or the promise of substantial monetary compensation in exchange for the user’s personal details (think Nigerian Prince scam).
In the following articles, we’ve included links to phishing tests. Can you tell the difference between a real and fake email?