Here at SKALES we’re keen to raise security awareness, so that others do not become victims of cybercrime. Phishing, and Whale Phishing in particular, is a dangerous and highly effective technique used by cybercriminals. As security professionals, we need to understand this attack type, learn how to counter it, and inform all employees, from the top of the organization to the bottom.
- What is Whale Phishing?
- Why is Whale Phishing a High Risk Cyber Attack?
- Examples of Whale Phishing
- How Can Security Awareness and a Strong Security Culture Prevent Whale Phishing?
What is Whale Phishing?
Whale Phishing is a specifically crafted phishing message designed for the C-board (the “big fish”) of an organization, such as the Chief Executive Officer (CEO) or Chief Financial Officer (CFO). Personal assistants often have access to these executives’ inboxes, so they are frequently targeted as well.
We have witnessed attacks that masquerade as the CFO, advising the personal assistant to transfer funds. These attacks are carefully timed, often planned to coincide with the executive being out of the office and uncontactable, so that the request cannot be verified.
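As an added defensive example that is not part of the original SKALES post: a small Python check that flags inbound mail impersonating an executive by display name, in the way the CFO masquerade above works. The organisation domain example.com, the executive names and the sample messages are all assumptions constructed for illustration.

```python
"""Flag mail that carries an executive's display name but external sender details.

Assumptions (not from the post): the organisation's domain is example.com and
its executives are listed in EXECUTIVES. Sample messages are constructed.
"""
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                              # assumed domain
EXECUTIVES = {"jane doe": "CFO", "john smith": "CEO"}   # assumed names
# Language typical of a fraudulent transfer request paired with an excuse for
# being unreachable, as described in the post.
TRANSFER_WORDS = re.compile(
    r"\b(wire|transfer|payment|urgent|out of (the )?office)\b", re.I)


def _norm(name: str) -> str:
    """Collapse whitespace and case so 'Jane  DOE' matches 'jane doe'."""
    return re.sub(r"\s+", " ", name).strip().lower()


def whaling_indicators(headers: dict, body: str) -> list[str]:
    """Return indicator strings; an empty list means nothing was flagged."""
    display, addr = parseaddr(headers.get("From", ""))
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reply_domain = reply_to.rsplit("@", 1)[-1].lower() if "@" in reply_to else ""
    findings = []
    role = EXECUTIVES.get(_norm(display))
    if role and from_domain != ORG_DOMAIN:
        findings.append(f"{role} display name but external sender domain {from_domain!r}")
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From {from_domain!r}")
    if role and TRANSFER_WORDS.search(body):
        findings.append("executive display name combined with transfer/urgency wording")
    return findings


# Constructed sample: lookalike domain, CFO display name, out-of-office excuse.
SAMPLE_HEADERS = {
    "From": "Jane Doe <jane.doe@examp1e-mail.com>",
    "Reply-To": "jane.doe@examp1e-mail.com",
    "To": "pa@example.com",
}
SAMPLE_BODY = ("I'm out of the office and uncontactable today. Please wire the "
               "payment to the new supplier account before 5pm.")

if __name__ == "__main__":
    for finding in whaling_indicators(SAMPLE_HEADERS, SAMPLE_BODY):
        print("FLAG:", finding)
```

A mail gateway rule of this shape catches the display-name trick; it does not replace out-of-band confirmation of any payment request.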
Why is Whale Phishing a High Risk Cyber Attack?
The C-board typically have power, influence, and little time. A C-level member often does not have the time to stop and realise that an attack is occurring, making them potentially more susceptible to attack. In addition, any action they take on behalf of the attacker is more likely to succeed, because they either have the required access or the ability to obtain it.
Finally, employees will often act on direction from senior management without question, blindly transferring funds or vital information because they believe the request is genuine.