We hear phishing stories that start with someone receiving an email asking them to change a password or answer a quiz to win a grand prize, and end with personal and financial information being compromised. Even after all the incidents we hear about, we still tend to shrug and roll our eyes at the likelihood of becoming a victim. That complacency is exactly what attackers count on when they build more advanced attacks.
Building on ordinary phishing, attackers have developed a more targeted variant called the whaling attack. Here the attacker uses social engineering to trick users into exposing information such as financial data, personal details or customer records, or even into making a wire transfer to someone they believe they can trust.
What is a Whaling Attack?
A whaling attack is a targeted attempt to steal confidential information from a company by tricking its executives into disclosing sensitive data, such as employees' personal information. The targets (the "whales") are senior management personnel with full access to sensitive data: the CEO, CFO and other executives.
How is it Performed?
A whaling attack is a form of phishing, but the way it is carried out sets it apart. Attackers target organizations and their employee data. They send fraudulent emails that appear to come from the trusted addresses of senior staff, which makes them look legitimate and pressures the recipient into sharing confidential information about an employee. Whaling emails are personalized and often include names, job titles and other basic details that make the message look genuine. Attackers also spoof the corporate logo, phone numbers and other details so that nothing raises suspicion.
Because these attacks are aimed at a handful of selected people and the mail goes only to them, they are hard to detect. They also typically carry no malicious URLs or attachments, so the usual filters have little to catch.
To prepare the attack, scammers gather information about how the company's email system works and how its emails are structured and written, then copy that style to convince the victim that the message is legitimate. The message looks as if it was sent from a senior manager's account and asks for a money transfer or for confidential files and employee details.
To send from a convincing address, attackers either phish the CEO's or CFO's mailbox and take it over, or register a spoofed domain that looks like the real one (a swapped letter, a missing letter or a lookalike character). Once that is in place, they send the email from the compromised account or the spoofed domain.
They do this because an email from a trusted source raises fewer questions, so the fake email gets them what they want.
How to identify a whaling attack?
It is difficult to identify a whaling attack, but not impossible. The following signs help.
1. Comes from the CEO's or CFO's email address: as discussed, whaling targets small groups within a company, and the attacker uses the CEO's or CFO's address (or a lookalike of it) as a disguise.
2. No links or attachments: attackers running a whaling campaign usually don't send links or attachments, since those are old tricks that filters catch. Instead they send well-written plain emails that slip past phishing filters and are not easily detected.
3. Requests a wire transfer: whaling emails aimed at finance employees ask them to wire money.
How to stay protected
Although there is no single strategy that prevents such attacks, the risk can be reduced by following certain practices. Here are a few tips to stay protected:
●Educate senior employees: All employees, and senior staff in particular, should be taught what whaling attacks are and how to detect them. They should be trained to spot spoofed sender addresses, to treat unusual requests that sound "too real" with suspicion, and never to act on an email without checking back with the supposed sender by phone or in person.
●Avoid sharing personal information publicly: Keep profiles private and avoid posting details such as your birthday, hobbies, friends and addresses on public profiles; apply privacy restrictions to your accounts. Attackers use exactly these details to personalize the lure.
●Identify emails sent from outside the network: A whaling email is hard to spot because the sender address looks genuine. Have the mail system tag every message that originates outside the company's own domain, so a message that claims to come from the CEO but arrives from outside stands out.
●Apply two-factor authentication to executive mailboxes, so that a phished password alone is not enough to take the account over.
●Use a verification process before transferring funds, such as face-to-face or phone confirmation with the requester on a number you already know, not one given in the email.
●Use an email filtering system that identifies and flags lookalike sender domains and display names.
●Run mock whaling attacks to train employees.
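The signs listed under "How to identify a whaling attack" and the tips above about tagging external mail and filtering lookalike senders can be turned into a simple gateway check. The following Python script is an added example, not code from the original page: it parses one message, and flags an external sender, a typosquatted or homoglyph lookalike of the corporate domain, an executive's display name paired with someone else's address, a Reply-To that diverts replies elsewhere, wire-transfer lure language, and the absence of links and attachments. The corporate domain, executive roster, lure phrases and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumed corporate domain and executive roster (hypothetical values for this example)
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com", "john smith": "john.smith@example.com"}
# Character swaps commonly used when registering lookalike domains
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}
# Phrases typical of the wire-transfer / data-request lure described above
LURE_PATTERNS = [r"\bwire (transfer|the funds)\b", r"\burgent\b", r"\bconfidential\b",
                 r"\bw-?2\b", r"\bpayroll\b", r"\bgift cards?\b"]


def domain_of(address):
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def normalize_domain(domain):
    """Undo homoglyph tricks so 'examp1e.com' compares equal to 'example.com'."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, corp=CORP_DOMAIN):
    """True if `domain` is not the corporate domain but is built to resemble it."""
    if not domain or domain == corp:
        return False
    return normalize_domain(domain) == corp or edit_distance(domain, corp) <= 2


def analyze(raw_message):
    """Score one RFC 5322 message for the whaling indicators listed above."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)
    if from_domain != CORP_DOMAIN:          # tag mail from outside the corporate domain
        findings.append("external-sender")
    if is_lookalike(from_domain):           # typosquat / homoglyph of the corporate domain
        findings.append("lookalike-domain")
    expected = EXECUTIVES.get(display_name.strip().lower())
    if expected and from_addr.lower() != expected:   # executive's name, someone else's address
        findings.append("executive-impersonation")
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:   # replies routed to the attacker
        findings.append("reply-to-mismatch")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    if any(re.search(p, body, re.IGNORECASE) for p in LURE_PATTERNS):
        findings.append("lure-language")
    if "http" not in body.lower() and not msg.is_multipart():   # nothing for URL/attachment filters
        findings.append("no-links-or-attachments")
    # Impersonation or a lookalike domain is decisive alone; otherwise require an external
    # sender plus lure language so ordinary outside mail is not flagged.
    suspicious = ("executive-impersonation" in findings or "lookalike-domain" in findings
                  or ("external-sender" in findings and "lure-language" in findings))
    return {"from": from_addr, "findings": findings, "suspicious": suspicious}


# Constructed sample: the lure described above, sent from a typosquatted domain
WHALING_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-relay.example.net
To: accounts@example.com
Subject: Urgent - confidential wire transfer

Hi,
I am in a meeting and cannot take calls. Please process an urgent wire transfer
of 48,500 USD to the vendor account below today. Keep this confidential.
Jane
"""

# Constructed sample: a routine message from the executive's real address
BENIGN_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Offsite agenda

Hi,
Agenda for Monday to follow. Nothing needed from you before then.
Jane
"""

if __name__ == "__main__":
    for label, sample in (("whaling", WHALING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        result = analyze(sample)
        print(label, result["suspicious"], result["findings"])
```

The "no-links-or-attachments" finding is recorded but deliberately not used in the verdict: most legitimate plain-text mail has no links either, so on its own it only tells you that URL and attachment filters will not help. The verdict rests on the stronger signals (an executive's name on a foreign address, or a lookalike domain), with lure language only counting when the sender is external.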
I hope this information is useful and that you stay safe from becoming a victim of a whaling attack.
Attacks succeed because of our carelessness and errors; if we educate ourselves in time, we can reduce the risk of being attacked. It's not that the hackers are so smart, it's that we are careless and don't take the right measures in time, even when we know we could be the next victim.