Whaling

Whaling likely to increase in frequency and severity

Emails. They’re annoying and frustrating, but email is still the favourite method of enterprise communication because of its ease and prevalence of use. It’s no wonder, then, that it is also the favourite attack vehicle of cybercriminals.

Whatever you choose to call it, whether whaling, phishing or BEC (Business Email Compromise), this form of attack will be a growing concern for enterprise security officers for the foreseeable future.

Whaling/BEC, as opposed to phishing, is a highly targeted attack aimed at C-level executives who, because of a lack of education and/or training, are tricked into handing over the “keys to the kingdom” – the company’s financial details.

The following links, including practical guides, all relate to whaling. White papers are available in our download section.

Don’t let this happen to you – the $100Mn phish

An example of how phishers get you to click

Amazon email phishes for more than compliments

Whaling: This primer by Mimecast could save you millions

Email protection that costs nothing 

Fake CEO email costs firm $47 million; CEO fired

Phishing

Phishing: it’s not a gentlemanly sport

Unlike whaling, which is aimed at the company’s “big fish” (hence the term), phishing is aimed at everyone else. It uses a wholesale approach rather than the exclusive retail approach used in whaling. Hence, cybercriminals rely on sending email in volume to catch their prey.

Many different phishing email strategies are used but most employ the tactics of fear or avarice to entice victims – the news of a compromised personal account which requires immediate information verification, or the promise of substantial monetary compensation in exchange for the user’s personal details (think Nigerian Prince scam).

In the following articles, we’ve included links to phishing tests. Can you tell the difference between a real and fake email?

Phishing attack hooks NHS Trust employees

Free phishing test by KnowBe4

Protecting your young ‘uns from the back to school cyber-predators 

Gone Phishing 

Four steps to mitigate human error in IT environments