It’s no secret that social engineering attacks, like phishing, spear-phishing and domain spoofing, have grown from being a nuisance to a colossal problem. But perhaps the most colossal problem of the moment is Business Email Compromise, otherwise called CEO fraud or whaling.
Whaling attacks can cost companies millions in financial losses. In fact, according to the U.S. Federal Bureau of Investigation, whaling attacks led to more than $2.3 billion in losses over the last three years. Cybercriminals are able to pull off these deceptive scams by posing as a CEO, or other executive, sending an email asking the unsuspecting target to initiate a wire transfer or send payroll and other sensitive data.
It’s time to protect your organization from whaling attacks. This means you must get to know the ‘5 Phases of a Whaling Assault’ so you can both educate your employees and increase your technology defenses. They are:
- In the Crosshairs: In the first stage of an assault, fraudsters use social media networks to gather intel on their target.
- The Domain Game: Next, armed with just enough detail, they register a domain similar to the actual domain for the target company.
- Gone Phishing: An employee receives the phishing email, but doesn’t notice the subtle warning signs that it’s fraudulent.
- Victim’s Assistance: The target follows the call-to-action in what appears to be an authentic email from someone familiar.
- On the Money: But it’s not authentic. The attacker now moves the funds from the fraudulent bank account or has sensitive employee information like W-2 forms and social security numbers that are used in a larger scam.
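
On the technology side, the lookalike domain registered in "The Domain Game" is something a mail filter can catch before the message reaches the employee in "Gone Phishing". The sketch below is an added example, not part of the original post: it flags sender domains that are close to, but not the same as, a trusted domain. The domain `example.com`, the substitution table, the distance threshold and the sample headers are all assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed, non-exhaustive table of character swaps seen in lookalike domains.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o"}  # Cyrillic a, e, o

def skeleton(domain):
    """Fold a domain to a comparison form so visually similar names collide."""
    text = unicodedata.normalize("NFKD", domain.lower().rstrip("."))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for src, dst in CONFUSABLES.items():
        text = text.replace(src, dst)
    return text

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted_domains, max_distance=2):
    """Return (verdict, matched_trusted_domain) for a From: header value."""
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in trusted_domains:
        return ("trusted", domain)
    for trusted in sorted(trusted_domains):
        # Distance 0 after folding is a pure character swap; 1-2 covers
        # dropped, doubled or transposed letters and near-miss TLDs.
        if edit_distance(skeleton(domain), skeleton(trusted)) <= max_distance:
            return ("lookalike", trusted)
    return ("external", None)

# Constructed sample headers; example.com stands in for the company's own domain.
SAMPLES = ["Jane Doe <ceo@example.com>", "Jane Doe <ceo@exarnple.com>",
           "ceo@examp1e.com", "ceo@exampel.com", "billing@vendor.net"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header, {"example.com"}))
```

A "lookalike" verdict is a signal to quarantine or banner the message, not proof of fraud; short trusted domains will need a tighter threshold to avoid false positives.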
Are you ready to take action against whaling? Download: “Whaling: Anatomy of an Attack” to learn more, including why whaling works, examples of recent high-profile attacks, and ways to defend against whaling fraudsters.