No, we’re not talking about your business being stalked by Greenpeace. Whaling, in this instance, refers to a specialized form of phishing attack. The aim is not necessarily just to get information; it may also involve getting the victim to transfer money.
If you’re thinking, “It’s just another Nigerian prince scam,” think again. This is a lot more sophisticated. It will look realistic right down to the signature and the company logo. They’ll also make sure that the email address looks vaguely correct. And, while those Nigerian prince emails scream scam, these will look completely legit.
There are two basic forms that these scams will take.
The Victim Will Be a High-Ranking Employee
It could be a CEO or CFO or someone in a similar senior position. The attacker will gather as much information about the target as possible. This is not a brute-force technique – the phisher will make use of social engineering and possibly business email compromise (BEC) techniques to get what they want.
They might try to impersonate a trusted client, supplier, or even a staff member in the company. The idea is to get the company’s officer to release sensitive information or possibly authorize a fraudulent transfer.
The Scammer May Pretend to Be a High-Ranking Employee
Another form that the scam might take is that the scammer impersonates a high-ranking officer. They may ask for information, or “authorize” an urgent payment.
I’d Never Fall for This
You’d think it would be simple enough to identify these attacks. Unfortunately, you’re not dealing with some low-level scammer here. This person understands that the attack must be flawless. They’ll do their research.
Everything, from the signature on the email to the company logo, will seem to check out. They may even throw in some personal details gleaned online to convince you that they are the legitimate person.
According to the anti-phishing experts at EveryCloud, phishers have really upped their game. To illustrate their point, they even offer a free phish test. There are also plenty of phishing examples that you can find online.
At this point, it’s safer to assume that you won’t recognize an attack, and to remain vigilant.
This Could Devastate Your Business
If you fall victim to one of these attacks, the best-case scenario is that you lose some money. Sure, the monetary loss will sting, but giving out privileged information is even more devastating.
The reputational damage is only part of the issue. You’ll also have to contend with potential penalties and damaging civil suits. Overall, it’s better to work toward implementing better security practices and procedures than to deal with the fallout afterward.