2019 State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Whale phishing: the latest threat to email security.
Whaling, or whale phishing, is a kind of phishing attack where hackers target executives and high-profile end users, using social-engineering tactics to trick them into initiating financial transactions or divulging sensitive information. By targeting these “big fish”, whale phishing attacks take advantage of employees who have access to highly valuable or competitive information.
Whale phishing is on the rise in the U.S., with whaling attack scams up to 270% from January to August 2015 and more than $800 billion in business losses in the six months after August 2015¹. The most sophisticated whale phishing attacks are often more difficult to detect than standard phishing schemes because they rely solely on social engineering to trick their targets and don’t contain a malicious hyperlink or weaponized attachment.
Mimecast’s Targeted Threat Protection with Impersonation Protect easily detects and prevents whale phishing attacks, identifying combinations of key indicators in an email and blocking or quarantining messages deemed to be suspicious.
Mimecast’s whale phishing solution scans all incoming email as it passes through the Mimecast secure email gateway. Mimecast examines several key components of each message, including the display name, domain name, domain age and the body of the email, to evaluate whether the email could be a social-engineering attack. If the email fails one or more of these tests, Impersonation Protect can bounce the message, quarantine it, or notify end users that it may be suspicious.
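To illustrate how the four indicators above (display name, domain name, domain age, body) can be combined into a verdict, here is an added example in Python; it is not Mimecast’s code, and the internal domain, executive list, registration dates and sample messages are all constructed for the demonstration.

```python
import re
from datetime import date
from email.utils import parseaddr

# Constructed reference data (not from the page): the organisation's own domain,
# its executives' real addresses, and a stand-in for a WHOIS registration lookup.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
DOMAIN_REGISTERED = {"example.com": date(2005, 3, 1), "examp1e.com": date(2019, 5, 20)}
# Phrases typical of payment-fraud and payroll-diversion requests.
URGENT_MONEY = re.compile(r"\b(wire transfer|wire|payroll|w-2|gift cards?|urgent)\b", re.I)

def lookalike(domain, target):
    """Crude lookalike check: same length, at most one character differs."""
    if domain == target:
        return False
    return len(domain) == len(target) and sum(a != b for a, b in zip(domain, target)) <= 1

def impersonation_indicators(msg, today=date(2019, 6, 1)):
    """Return the list of indicators that fire for a message given as {"From", "Body"}."""
    name, addr = parseaddr(msg["From"])
    domain = addr.rsplit("@", 1)[-1].lower()
    hits = []
    exec_addr = EXECUTIVES.get(name.strip().lower())
    if exec_addr and addr.lower() != exec_addr:      # executive's name, foreign address
        hits.append("display_name")
    if lookalike(domain, INTERNAL_DOMAIN):             # typo-squatted sending domain
        hits.append("domain_name")
    reg = DOMAIN_REGISTERED.get(domain)
    if reg is not None and (today - reg).days < 90:   # domain registered very recently
        hits.append("domain_age")
    if URGENT_MONEY.search(msg["Body"]):               # pressure to move money or data
        hits.append("body")
    return hits

def verdict(hits):
    """Two or more indicators -> quarantine; one -> flag for the user; none -> deliver."""
    return "quarantine" if len(hits) >= 2 else ("flag" if hits else "deliver")

# Constructed sample messages.
SAMPLES = {
    "whaling": {"From": "Jane Doe <jane.doe@examp1e.com>",
                "Body": "Need an urgent wire transfer before the board call, details attached."},
    "freemail": {"From": "Jane Doe <jane.doe.ceo@freemail.example>",
                 "Body": "Can you pick up some gift cards for the team today? Urgent."},
    "legit": {"From": "Jane Doe <jane.doe@example.com>",
              "Body": "Agenda for Thursday's meeting is attached."},
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        hits = impersonation_indicators(msg)
        print(f"{label:9s} {verdict(hits):10s} {hits}")
```

A production gateway would replace the dictionary lookups with directory and WHOIS queries and tune the body patterns per organisation; the scoring shape is what matters here.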
Mimecast’s whale phishing solution provides:
Impersonation Protect integrates seamlessly with Mimecast’s URL Protect and Attachment Protect to deliver comprehensive defenses against the most advanced methods of attacks.
What is whale phishing?
Whaling, or whale phishing, is a highly targeted form of phishing directed at high-level executives or people with powerful positions. Using email communications that appear to be from a trusted sender, whale phishing attacks are designed to get an executive to divulge highly sensitive information or to unwittingly authorize a transfer of funds to a fraudulent account.
How does whale phishing work?
Whale phishing uses social engineering techniques to create an email that seems to come from someone the targeted individual knows and trusts. The email may include personal information and references that are gleaned from social media accounts or online profiles, and the email will appear and read as if it is sent from a legitimate business. Typically, a whale phishing email will ask the recipient to email sensitive data like payroll records or bank account information to a spoofed email address, or request that the recipient authorize a wire transfer. A whale phishing email may also direct the recipient to click a link that takes them to a spoofed website to enter sensitive information, and where malware can be surreptitiously downloaded to their computer. With the information that attackers gain from a whale phishing scam, they may steal data, money and identities, or gain access to corporate networks and accounts where they may steal much more.
How to spot whale phishing?
Whale phishing schemes can be quite difficult to recognize because they are so highly targeted to one individual. Attackers will typically go to great lengths to ensure that the appearance of the email and the language in it will not cause the recipient to be suspicious. However, there are a few things that users may look for that can help to identify a whale phishing email:
How to block whale phishing?
Blocking a whale phishing attack requires a comprehensive approach to email security.
What to do in a whale phishing attack?
If you suspect you have received a whale phishing email or are under attack, there are several immediate steps you can take to mitigate the damage.