Whale phishing

Whale phishing: the latest threat to email security.

What is Whale Phishing? The Latest Email Security Threat

Whaling, or whale phishing, is a kind of phishing attack where hackers target executives and high profile end users, using social-engineering tactics to trick them into initiating financial transactions or divulging sensitive information. By targeting these “big fish”, whale phishing attacks take advantage of employees who have access to highly valuable or competitive information.

Whale phishing is on the rise in the U.S., with whaling attack scams up 270% from January to August 2015 and more than $800 billion in business losses in the six months after August 2015 [1]. The most sophisticated whale phishing attacks are often more difficult to detect than standard phishing schemes because they rely solely on social engineering to trick their targets and contain no malicious hyperlink or weaponized attachment.

In this new threat environment, whaling security requires innovative solutions to prevent CEO fraud and protect the organization.

[1] “FBI Warns of Dramatic Increase in Business E-Mail Scams” - Federal Bureau of Investigation, April 2016

Prevent whale phishing with Mimecast

Mimecast’s Targeted Threat Protection with Impersonation Protect easily detects and prevents whale phishing attacks, identifying combinations of key indicators in an email and blocking or quarantining messages deemed to be suspicious.

Mimecast’s whale phishing solution scans all incoming email as it passes through the Mimecast secure email gateway. Mimecast evaluates several key components of each message, including the display name, domain name, domain age and the body of the email, to determine whether the email could be a social-engineering attack. If the email fails one or more of these tests, Impersonation Protect can bounce the message, quarantine it or notify end users that it may be suspicious.

How Mimecast Protects You From Whale Phishing

Mimecast’s whale phishing solution provides:

  • Real-time protection against social-engineering attacks like whaling, CEO fraud, business email compromise or W2 fraud.
  • Protection against friendly name or display name spoofing.
  • Protection against newly registered or unknown domain names.
  • Complete administrator control over how suspicious messages are processed.
  • Comprehensive protection delivered by Mimecast’s threat intelligence infrastructure and Messaging Security teams.

Impersonation Protect integrates seamlessly with Mimecast’s URL Protect and Attachment Protect to deliver comprehensive defenses against the most advanced methods of attacks.

Learn more about mitigating whale phishing attacks with Mimecast, and about Mimecast’s secure file transfer solution and spam detection tool.

FAQs: Whale Phishing

What is whale phishing?

Whaling, or whale phishing, is a highly targeted form of phishing directed at high-level executives or people with powerful positions. Using email communications that appear to be from a trusted sender, whale phishing attacks are designed to get an executive to divulge highly sensitive information or to unwittingly authorize a transfer of funds to a fraudulent account.

How does whale phishing work?

Whale phishing uses social engineering techniques to create an email that seems to come from someone the targeted individual knows and trusts. The email may include personal information and references that are gleaned from social media accounts or online profiles, and the email will appear and read as if it is sent from a legitimate business. Typically, a whale phishing email will ask the recipient to email sensitive data like payroll records or bank account information to a spoofed email address, or request that the recipient authorize a wire transfer. A whale phishing email may also direct the recipient to click a link that takes them to a spoofed website to enter sensitive information, and where malware can be surreptitiously downloaded to their computer. With the information that attackers gain from a whale phishing scam, they may steal data, money and identities, or gain access to corporate networks and accounts where they may steal much more.

How to spot whale phishing?

Whale phishing schemes can be quite difficult to recognize because they are so highly targeted to one individual. Attackers will typically go to great lengths to ensure that the appearance of the email and the language in it will not cause the recipient to be suspicious. However, there are a few things that users may look for that can help to identify a whale phishing email:

  • A request for money or information. Anytime a user receives a request to authorize the transfer of funds or to share information that is highly sensitive, they should double-check to make sure the request is legitimate by placing a phone call or seeking another form of confirmation.
  • An urgent or threatening tone. A whale phishing email will usually cite an urgent need to encourage the recipient to act quickly and without thinking. Whale phishing attacks may also threaten negative consequences if the request is not fulfilled.
  • A spoofed email address. In a whale phishing email, the sender’s email address will often be a slightly altered version of a legitimate address. For example, an address from companyone.com may be altered to company1.com or Company0ne.com, with a zero replacing the “o” in the original address.
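The two indicators the text singles out, a display name borrowed from an executive and a domain that differs from the real one by a swapped character, can both be checked mechanically at the gateway. The script below is an added example written for this page; it is not Mimecast code. The trusted domain companyone.com, the executive name "Jane Doe", the similarity threshold and the sample From: headers are all constructed for illustration.

```python
"""Added example: flag From: headers that imitate a protected sender.
Trusted domain, executive name and sample addresses are constructed."""
import difflib
import unicodedata
from email.utils import parseaddr

# Digits attackers substitute for the letters they resemble (the zero-for-o
# trick from the text) plus two-letter sequences that read as one letter.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))
LOOKALIKE_RATIO = 0.8  # similarity above which a domain counts as an imitation (assumed)


def normalize(text):
    """Fold case, accents and homoglyphs so an imitation compares against the original."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode().lower()
    folded = folded.translate(HOMOGLYPHS)
    for pair, letter in CONFUSABLE_PAIRS:
        folded = folded.replace(pair, letter)
    return folded


TRUSTED_DOMAINS = {"companyone.com"}                      # hypothetical own domain
PROTECTED_NAMES = {normalize(n) for n in ("Jane Doe",)}   # hypothetical executive


def lookalike_domain(domain):
    """Return the trusted domain that `domain` imitates, or None if it is unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    folded = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        if folded == trusted:                        # pure homoglyph swap: company0ne.com
            return trusted
        if difflib.SequenceMatcher(None, folded, trusted).ratio() >= LOOKALIKE_RATIO:
            return trusted                           # one or two edits: company1.com
        if trusted.split(".")[0] in folded:          # brand embedded: companyone-payments.com
            return trusted
    return None


def check_from_header(from_header):
    """Return the impersonation indicators found in one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    indicators = []
    imitated = lookalike_domain(domain)
    if imitated:
        indicators.append(f"lookalike-domain:{domain}~{imitated}")
    # A protected display name paired with an outside domain is the classic
    # display-name spoof; the same name on our own domain is not suspicious.
    if name and normalize(name).strip() in PROTECTED_NAMES and domain not in TRUSTED_DOMAINS:
        indicators.append(f"display-name-impersonation:{name}")
    return indicators


if __name__ == "__main__":
    for header in ("Jane Doe <jane.doe@companyone.com>",
                   "Jane Doe <jane.doe@company1.com>",
                   "Jane Doe <jane.doe@Company0ne.com>",
                   "Jane Doe <jane.doe@webmail.example>",
                   "Alice <alice@companyone-payments.com>"):
        print(f"{header!r}: {check_from_header(header) or 'clean'}")
```

The domain test fires for company1.com and Company0ne.com from the text and for a registered-brand-plus-suffix domain, while the display-name test fires whenever a protected name arrives from any domain that is not your own. Matching on similarity rather than an exact blocklist is what lets a gateway catch a lookalike the day it is registered; the threshold needs tuning against your own mail flow to keep false positives down.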

How to block whale phishing?

Blocking a whale phishing attack requires a comprehensive approach to email security.

  • Whale phishing defenses begin with a strong anti-spam and anti-malware technology that can stop certain messages at the email gateway.
  • Advanced email scanning technology can evaluate all links and attachments within an email and block users from clicking a link or opening an attachment that is deemed to be dangerous.
  • Anti-impersonation technology can help to spot malware-less attacks using social engineering techniques by scanning the header and content of email for language and anomalies that are common to whale phishing.
  • DNS authentication services that use DKIM, SPF and DMARC protocols can help to determine whether an email was sent from a legitimate or fraudulent source.
  • Security awareness training can help to address the weakest link in email security – human error – by educating employees about what a whaling email might look like and how to avoid falling prey to an attack.
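SPF, DKIM and DMARC only help against sender spoofing when the gateway checks that the authenticated identifiers line up with the visible From: domain, which is what DMARC calls identifier alignment. The script below is an added example, not part of this page or of any vendor product: it reads the Authentication-Results header an inbound gateway stamps on a message (RFC 8601), checks alignment the way RFC 7489 defines it, and ignores results that were not stamped by our own gateway, since a sender can add a forged header of their own. The gateway name mx.companyone.com, the sender domains and the three sample messages are constructed; the organizational-domain rule is simplified to "last two labels" and a real deployment would consult the Public Suffix List instead.

```python
"""Added example: read SPF/DKIM/DMARC outcomes from Authentication-Results
and check DMARC identifier alignment against the From: domain.
All domains and sample messages below are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Only trust results stamped by our own gateway (the authserv-id); a sender
# can add an Authentication-Results header of their own before delivery.
TRUSTED_AUTHSERV_ID = "mx.companyone.com"  # hypothetical gateway name


def parse_auth_results(value):
    """Return (authserv_id, {method: result}, {method: authenticated domain})."""
    head, _, rest = value.partition(";")
    authserv_id = (head.split() or [""])[0].lower()
    results = {m.group(1): m.group(2).lower()
               for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", rest)}
    identifiers = {}
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d"),
                         ("dmarc", "header.from")):
        m = re.search(re.escape(prop) + r"=([^\s;]+)", rest)
        if m:
            # smtp.mailfrom may carry a full address; keep only the domain part
            identifiers[method] = m.group(1).lower().rpartition("@")[2]
    return authserv_id, results, identifiers


def org_domain(domain):
    """Simplified organizational domain: the last two labels (assumption;
    production code uses the Public Suffix List so that co.uk works)."""
    return ".".join(domain.rsplit(".", 2)[-2:])


def aligned(identifier, from_domain, relaxed=True):
    """DMARC alignment: strict needs an exact match, relaxed the same org domain."""
    if not identifier or not from_domain:
        return False
    if identifier == from_domain:
        return True
    return relaxed and org_domain(identifier) == org_domain(from_domain)


def evaluate(raw_message, relaxed=True):
    """Decide whether the From: domain is backed by an aligned SPF or DKIM pass."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    authserv_id, results, ids = parse_auth_results(msg.get("Authentication-Results", ""))
    if authserv_id != TRUSTED_AUTHSERV_ID:
        return {"from_domain": from_domain, "trusted_results": False,
                "spf_aligned": False, "dkim_aligned": False, "dmarc_pass": False}
    spf_aligned = results.get("spf") == "pass" and aligned(ids.get("spf"), from_domain, relaxed)
    dkim_aligned = results.get("dkim") == "pass" and aligned(ids.get("dkim"), from_domain, relaxed)
    return {"from_domain": from_domain, "trusted_results": True,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            # DMARC passes when at least one aligned mechanism passes
            "dmarc_pass": spf_aligned or dkim_aligned}


# Constructed sample messages.
LEGITIMATE = (
    "Authentication-Results: mx.companyone.com; spf=pass smtp.mailfrom=notify.companyone.com; "
    "dkim=pass header.d=companyone.com; dmarc=pass header.from=companyone.com\n"
    "From: Jane Doe <jane.doe@companyone.com>\nSubject: Q3 numbers\n\nbody\n"
)
# SPF and DKIM both pass, but for the attacker's mailer, not for the From: domain.
SPOOFED = (
    "Authentication-Results: mx.companyone.com; spf=pass smtp.mailfrom=bounce@mailer.example; "
    "dkim=pass header.d=mailer.example; dmarc=fail header.from=companyone.com\n"
    "From: Jane Doe <jane.doe@companyone.com>\nSubject: Urgent wire\n\nbody\n"
)
# A header the sender added themselves: the authserv-id is not our gateway.
INJECTED = (
    "Authentication-Results: attacker.example; spf=pass smtp.mailfrom=companyone.com; "
    "dkim=pass header.d=companyone.com\n"
    "From: Jane Doe <jane.doe@companyone.com>\n\nbody\n"
)

if __name__ == "__main__":
    for label, sample in (("legitimate", LEGITIMATE), ("spoofed", SPOOFED), ("injected", INJECTED)):
        print(label, evaluate(sample))
```

The spoofed sample is the case that matters for whaling: a message that passes SPF and DKIM, so a check that only looks at the pass/fail tokens would wave it through, yet fails DMARC because neither authenticated domain is the domain shown to the user. Stripping inbound Authentication-Results headers that claim to be from your own gateway, as RFC 8601 recommends, is what makes the authserv-id check meaningful.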

What to do in a whale phishing attack?

If you suspect you have received a whale phishing email or are under attack, there are several immediate steps you can take to mitigate the damage.

  1. Disconnect your computer from the network and/or the Internet in order to stop any malware from downloading or spreading.
  2. Alert your company immediately, giving your IT department a head start on limiting the damage and warning other employees about potential attacks.
  3. Scan your computer for viruses and malware that may have been downloaded as part of the attack.
  4. Change your login credentials and passwords immediately to prevent attackers from using any information you have shared to access your accounts.
  5. Report the whale phishing attack to the Federal Trade Commission (ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (phishing-report@us-cert.gov) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing).