Hackers are adaptive and opportunistic creatures, so it is no surprise that some have adapted their phishing attempts in order to land the biggest fish - in this case the CEOs and executives of companies - in a technique known as whaling.
What is Whaling?
Whaling is a type of phishing attack that is aimed at C-level or top-level executives. A hacker uses social engineering and computer intrusion techniques to get as much information as they can on their targets. By scouring social media channels such as LinkedIn, they can collect personal data and information that can then be exploited to put their schemes into action.
The scammer also collects information about how an organisation’s emails are laid out and structured in order to make their own messages look as authentic and believable as possible. Often the attacker will pretend to be a CEO or senior executive and send messages to employees lower down the management chain asking them to transfer money or sensitive data. The employee, not wanting to disappoint senior management, often complies with the request without question. In the most serious cases, this has resulted in millions of pounds of company funds being sent to accounts controlled by criminals.
A recent example was seen in August, when a whaling attack deceived finance staff at Leoni AG into transferring £34 million into a bank account of the hackers’ choosing. In this case, the company’s CFO was the target: she received an email spoofed to look as though it came from one of the company’s top German executives.
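The spoofed-executive email described above leaves traces a mail gateway can check: a known executive’s display name on a sender address that is not theirs, a lookalike sender domain, a Reply-To that steers replies elsewhere, and urgent payment wording. The following Python is an added example, not code from the original article or from PGI; the organisation domains, executive list and both sample messages are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the organisation's own mail domains and the
# executives a whaling email would impersonate (display name -> real address).
ORG_DOMAINS = {"example-corp.com"}
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|payment|invoice|urgent|confidential)\b", re.I)

def _domain(addr): return addr.rpartition("@")[2].lower()

def whaling_indicators(raw_message):
    """Return the reasons a message looks like executive impersonation (empty if none)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    reasons = []
    # 1. Display name of a known executive, but not that executive's real address.
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        reasons.append(f"display name '{name}' does not match {real}")
    # 2. Sender domain is not ours but closely resembles one of our domains (lookalike).
    for ours in ORG_DOMAINS:
        if from_domain != ours and SequenceMatcher(None, from_domain, ours).ratio() > 0.8:
            reasons.append(f"lookalike sender domain {from_domain}")
    # 3. Replies are steered to a different domain than the one the mail claims to come from.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        reasons.append(f"Reply-To domain {_domain(reply_addr)} differs from From")
    # 4. Urgent payment language, the lure used against finance staff.
    text = msg.get("Subject", "") + " " + msg.get_payload()
    if len(set(w.lower() for w in PAYMENT_WORDS.findall(text))) >= 2:
        reasons.append("urgent payment wording")
    return reasons

# Constructed sample messages: a spoofed request and a genuine internal mail.
SPOOFED = """From: Jane Doe <jane.doe@example-c0rp.com>
Reply-To: jd.private@webmail.example
Subject: Urgent - confidential transfer

Please wire the attached invoice today. Keep this confidential.
"""
GENUINE = """From: Jane Doe <jane.doe@example-corp.com>
Subject: Board pack for Thursday

Attached are the slides, no action needed.
"""
```

Running `whaling_indicators(SPOOFED)` returns four reasons, while the genuine mail returns none; in practice the executive list and domains would come from the directory rather than a literal.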
Why is it so successful?
It makes sense from the hacker’s point of view. Why waste your time targeting lower-level workers, or a business as a whole, when you can make significant criminal gains by targeting the big fish at the top? The scammer relies on workers’ desire to impress senior managers and uses this behaviour to their advantage. Often an employee, no matter how odd the request may be, will want to make a good impression and not disappoint their employer.
How to tackle the threat?
As with many cyber threats, education is key to limiting the risks. Training employees and executives on what to look out for and how to avoid becoming a victim can reduce the threat dramatically.
PGI’s GCHQ-accredited Cyber Security Awareness (CSA) course is a great place to start in educating a workforce.
Protection Group International believes that cyber security doesn’t need to be overly complicated, incomprehensible or vastly expensive. We specialise in delivering strategic vulnerability assessment services and offer a range of senior cyber awareness education to enable you to tackle cyber threats in-house.
Our partner company, Protection Vessels International, is focused on the efficient delivery of high-quality, cost-effective security solutions for the maritime community. We invest in our well-maintained logistic infrastructure to enhance customers’ business continuity through the protection of their assets and people.