The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
Whale phishing: the latest threat to email security.
Whaling, or whale phishing, is a kind of phishing attack where hackers target executives and high profile end users, using social-engineering tactics to trick them into initiating financial transactions or divulging sensitive information. By targeting these “big fish”, whale phishing attacks take advantage of employees who have access to highly valuable or competitive information.
Whale phishing is on the rise in the U. S., with whaling attack scams up to 270% from January to August 2015 and more than $800 billion in business losses in the six months after August 20151. The most sophisticated whale phishing attacks are often more difficult to detect than standard phishing schemes because they rely solely on social-engineering to trick their targets and don’t contain a malicious hyperlink or weaponized attachment.
Mimecast’s Targeted Threat Protection with Impersonation Protect easily detects and prevents whale phishing attacks, identifying combinations of key indicators in an email and blocking or quarantining messages deemed to be suspicious.
Mimecast’s whale phishing solution scans all incoming email as it passes through the Mimecast secure email gateway. Mimecast evaluates several key components of each message, including the display name, domain name, domain age and the body of the email to evaluate whether the email could be a social-engineering attack. If the email fails one or more of these tests, Impersonation Protect can bounce the message, quarantine it or notify and users that it may be suspicious.
Mimecast’s whale phishing solution provides:
Impersonation Protect integrates seamlessly with Mimecast’s URL Protect and Attachment Protect to deliver comprehensive defenses against the most advanced methods of attacks.