Fraud at the Expense of the CEO – Preventing Whaling Attacks

November 12, 2020 | Data Security, Email Security

With increasingly more staff working from home, cybercrime is on the rise. Couple that with the reality that the employees now working from home are distracted by kids who are distance learning and spouses who are suddenly sharing the workspace, and the kind of critical attention paid to these criminal activities is at an all-time low. Seemingly as a consequence, whaling – another form of cyberattack – is becoming more prevalent. To protect your data, then, your employees need to know what to watch out for.

What Is a Whaling Attack?

A whaling attack is very similar to a phishing attack – the cybercriminals are simply going after the “biggest fish” by impersonating the CEO and other senior business leaders in order to trick employees into sending money, providing sensitive information, or allowing network access. These sophisticated attacks are designed not only to trick employees into believing that the sender is a high-level leader in the company but also to purposely target other high-level leaders.

Is There a Difference Between Whaling and Phishing?

Cybercriminals who use whaling and phishing attacks have similar agendas, but they take different approaches. Phishing emails are typically sent from a generic address to a wide range of people in the hope of catching someone off guard. Whaling attacks are often aimed at C-suite executives, such as CFOs and CMOs, as well as other managers. What makes these attacks so insidious is that the emails are disguised to look as if they are coming from within the organization and from other senior executives. The cybercriminals involved in these attacks use social profiles and other information to emulate the executives more convincingly; they may glean information about an event that an executive has attended or refer to personal information about the recipient – such as asking about their children – to make the message seem more authentic.

Whaling Attacks Are on the Rise

According to the FBI, attacks like these cost businesses more than $12.5 billion in 2018. One in four businesses has experienced a whaling attack in the last 12 months – and that number goes up for midsize businesses with 50 or more employees. These attacks are effective because no one wants to receive an email from an executive and fail to act on it, especially when it seems so authentic. And because more people are working from home, it’s difficult to maintain the same level of vigilance you would have at the office.

Typical Whaling Attacks

A whaling attack will request specific kinds of information:

  • They’ll ask the recipient to transfer money to a bank account or provide company credit card information.
  • They will ask for sensitive information about customers, employees, or vendors.
  • They’ll request that you visit a link they’ve embedded into the message.

The Damage of Whaling Attacks

Cybercriminals would not spend so much time conceiving and launching these attacks if they were not lucrative. But the damage to your business is about more than just the upfront financial impact. The fallout of such a cyberattack can be devastating to a company’s brand and reputation, and depending on the type of loss or data breach involved, there may also be fines or restitution required.

Identifying Whaling Attacks

Unlike a typical phishing email, in which there are often tell-tale signs of poor grammar or questionable word choices, whaling messages are written very well and personalized directly to the recipient. It is difficult to detect the fraud. Employees must be vigilant for these signs:

  • An email address that closely resembles an executive’s email address but is not exactly the same. For example, might be impersonated as
  • A sense of urgency in the message. The email may seem to come from the CEO and include messaging like “I’m meeting with an important client and must have this information right now to close the deal” or “If we don’t pay this vendor right now, we’re going to lose this contract.” The messaging might even imply that this was something that was already supposed to have been taken care of.
  • Language implying that the message is confidential, telling the recipient not to disclose the contents or share the information or email with anyone.
  • Specific banking information for payments that differs from what is on record.
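The four signs listed above can be turned into a simple mail-filter heuristic. The script below is an added example written for this article, not code from the original post or from thinkCSC. Everything in it is constructed for the demonstration: the company domain `example.com`, the executive roster, the keyword patterns, the score weights and the two sample messages are assumptions, not values from the page. It checks the sender against the executive address on record, measures how close the sender’s domain is to the real one, and looks for urgency, secrecy and payment language in the text.

```python
"""Heuristic scoring of inbound mail for executive-impersonation (whaling) signs.

Added illustrative example; not code from the original article or from thinkCSC.
The company domain, executive roster, patterns, weights and sample messages are
all constructed assumptions for this demonstration.
"""
import re

# Assumed company domain and the executive addresses actually on record.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",
    "john smith": "john.smith@example.com",
}

# Constructed keyword patterns for the three language-based signs.
URGENCY_PATTERNS = [r"\bright now\b", r"\bimmediately\b", r"\burgent\b", r"\basap\b",
                    r"\bbefore (?:the )?end of (?:the )?day\b"]
SECRECY_PATTERNS = [r"\bdo not (?:disclose|share|tell)\b", r"\bconfidential\b",
                    r"\bkeep this between us\b"]
PAYMENT_PATTERNS = [r"\bwire\b", r"\bbank (?:account|details)\b", r"\brouting number\b",
                    r"\biban\b", r"\bgift card"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot look-alike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_from(header: str) -> tuple:
    """Split 'Jane Doe <jane.doe@examp1e.com>' into (display name, address)."""
    m = re.match(r'\s*"?([^"<]*?)"?\s*<([^>]+)>\s*$', header)
    if m:
        return m.group(1).strip(), m.group(2).strip().lower()
    return "", header.strip().lower()


def score_message(from_header: str, subject: str, body: str) -> tuple:
    """Return (score, reasons). Higher score means more whaling indicators."""
    score, reasons = 0, []
    name, addr = parse_from(from_header)
    domain = addr.rsplit("@", 1)[-1]

    # Sign 1: display name of a known executive, but not the address on record.
    known = EXECUTIVES.get(name.lower())
    if known and addr != known:
        score += 3
        reasons.append(f"display name '{name}' but sender {addr} is not the address on record")

    # Sign 1 (cont.): domain that is one or two edits away from the real one.
    if domain != COMPANY_DOMAIN:
        d = levenshtein(domain, COMPANY_DOMAIN)
        if 0 < d <= 2:
            score += 3
            reasons.append(f"look-alike domain {domain} (edit distance {d} from {COMPANY_DOMAIN})")

    # Signs 2-4: urgency, confidentiality and payment/banking language in the text.
    text = f"{subject}\n{body}".lower()
    for label, patterns, weight in (("urgency", URGENCY_PATTERNS, 1),
                                    ("secrecy", SECRECY_PATTERNS, 1),
                                    ("payment", PAYMENT_PATTERNS, 2)):
        hits = [p for p in patterns if re.search(p, text)]
        if hits:
            score += weight
            reasons.append(f"{label} language ({len(hits)} pattern(s) matched)")
    return score, reasons


def verdict(score: int) -> str:
    """Assumed threshold: a single strong sign (3) plus any language cue is suspicious."""
    return "suspicious" if score >= 4 else "ok"


# Constructed sample messages (not real mail).
WHALING_SAMPLE = (
    "Jane Doe <jane.doe@examp1e.com>",
    "Urgent wire before end of day",
    "I'm meeting with an important client and must have this right now to close the deal. "
    "Please wire the amount to the bank account below and do not disclose this to anyone. "
    "New routing number: 000000000",
)
LEGIT_SAMPLE = (
    "Jane Doe <jane.doe@example.com>",
    "Q3 planning deck",
    "Attached is the draft for Thursday. Send comments by Friday.",
)

if __name__ == "__main__":
    for sample in (WHALING_SAMPLE, LEGIT_SAMPLE):
        s, why = score_message(*sample)
        print(f"{verdict(s):>10} (score {s}) {sample[1]!r}")
        for line in why:
            print("           -", line)
```

The address-on-record check is the strongest signal because it does not depend on wording: a message that carries an executive’s display name but arrives from any address other than the one in the roster is worth a second look regardless of how polished the text is. The keyword scores only add weight; a well-written whaling message may trip none of them, which is why the post stresses that policy and trained staff remain the last line of defence.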

How to Prevent Whaling Attacks

Layers of security are essential. However, because whaling attacks are so sophisticated, it is possible that an email will slip through. You should have policies established that prevent employees from acting on email requests like these. But your employees are still your strongest defense, as they may well be the recipients of such emails. End-user training is essential. Your employees need not only to know what to look for in these kinds of emails but also to be reassured that if they refuse to comply with a request because they suspect the email is fraudulent, they will be celebrated, not punished.

thinkCSC provides policies and comprehensive end-user training that helps arm your employees with the knowledge they need to be your front-line defense and thwart whaling attacks. To learn more about our end-user training and other managed security services, contact us today.


Author: thinkCSC
