Whaling Email

    Mimecast provides cloud security services for combating whaling email scams and for protecting organizations against advanced email-borne threats.

    Prevent a whaling email attack with Mimecast

    With whaling email attacks on the rise, your organization needs solutions that can provide strong and automated protection against these devastating threats.

    A whaling cyber attack is a form of impersonation attack where hackers send a message that appears to be from a chief executive officer, the chief financial officer or another C-suite executive. These whaling email messages will typically ask recipients to make wire transfers to vendors who turn out to be fraudulent, or to reveal sensitive business information or employee data that hackers can use to steal identities, gain access to business systems or initiate an email data breach.

    While making your employees aware of the techniques used in a whaling email attack can help to stop some threats, only an automated email security solution can provide comprehensive cyber protection. That's exactly what you can achieve with Mimecast.

    Mimecast solutions for stopping a whaling email scam

    Mimecast provides cloud security services for combating whaling email scams and protecting your organization against a wide range of other threats. Mimecast's all-in-one, subscription service also provides tools for email archiving, continuity, backup and recovery, e-Discovery and compliance, enabling your IT administrators to conduct comprehensive business email management from a single pane of glass using a web-based interface.

    To stop a whaling email attempt, Mimecast scans all inbound email for key indicators that suggest a message may be suspicious. These include:

    • The email's display name and domain name – Mimecast looks for domain similarity and examines the recency of domains to identify digital domain spoofing.
    • The email's reply-to information – whaling email attacks often use a different reply address than the address of the purported sender.
    • The email's content – Mimecast looks for certain words and phrases like "wire transfer", "bank transfer" or "W-2" that are often part of a whaling email.

    When an email is deemed suspicious, Mimecast can block, quarantine or tag the message to ensure employees are not tricked into making fraudulent wire transfers or sharing sensitive data.

    Benefits of mitigating whaling email campaigns with Mimecast

    With Mimecast technology for combating whaling email attacks, you can:

    • Get real-time protection against malware-less social engineering attacks like whaling email scams, CEO fraud, business email compromise or W-2 fraud.
    • Benefit from up-to-the-minute threat intelligence developed by the Mimecast Security Operations Center.
    • Enjoy complete administrative control over handling of messages that may be whaling email attacks.
    • Integrate scans for whaling email attacks with technology to prevent a broad range of other threats, including spear-phishing attacks, ransomware, viruses, malware and other impersonation attacks, and with Mimecast's information protection solutions.

    Learn more about combating whaling email attacks with Mimecast.

    FAQs: Whaling Email

    What is a whaling email?

    A whaling email is part of a whaling attack, which is a form of phishing that targets high-ranking executives or others with powerful job titles and positions. A whaling email is created to look and read as if it was sent from a legitimate source, usually someone the recipient knows and trusts. The purpose of a whaling email is to trick the recipient into revealing sensitive information that attackers can use to steal data, or to authorize a wire transfer of funds to a fraudulent account.

    How does whaling email work?

    To create a whaling email, attackers will research a targeted individual, usually collecting personal information from online profiles and social media accounts. The design of a whaling email will look identical to an email from a legitimate business, making it very difficult to spot the fraud. The content of a whaling email may ask the recipient to send a wire transfer right away, to email sensitive data like tax information or payroll files to a spoofed email address, or to visit a spoofed website where the target is asked to enter sensitive information like passwords or bank account numbers. Visiting such a website may also enable attackers to download malware to the victim’s computer.

    How to recognize a whaling email?

    A whaling email is much more difficult to spot than a regular phishing attack. Because the stakes are larger, attackers will spend considerably more time to make a whaling email or a whaling website look professional and to read as if it was sent by another high-level executive. There are several things that all users should watch for, though, that can help them to recognize a whaling email.

    • Any request for a transfer of funds or for sensitive information should be viewed skeptically and should be a cause for further investigation.
    • Often, a whaling email will have an urgent or a slightly threatening tone that’s intended to encourage the recipient to act quickly and without taking time to confer with others or double-check information.
    • The sender’s email address in a whaling email may be slightly altered from the domain name of a legitimate or trusted company. For example, an email from “name@acme.com” may be substituted with “name@acrne.com”, where the “m” in the original domain is replaced with a “rn” that is difficult for a casual observer to spot.
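
    The indicators listed earlier (display name and domain similarity, reply-to mismatch, payment keywords) and the "acrne.com" look-alike above can be checked mechanically. The following Python is an added example, not Mimecast's code; the trusted-domain list, executive name, confusable table and sample message are assumptions constructed for illustration.

```python
import email
from email.utils import parseaddr

# Assumptions for illustration: trusted domain and executive name are hypothetical.
TRUSTED_DOMAINS = {"acme.com"}
EXECUTIVES = {"jane doe"}
KEYWORDS = ("wire transfer", "bank transfer", "w-2")
# Character sequences that render like another character ("rn" reads as "m").
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Collapse visually confusable sequences so look-alikes compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d

def domain_of(header_value):
    """Return the lower-cased domain part of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def whaling_indicators(raw_message):
    """Return the list of whaling indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    hits = []
    if from_dom not in TRUSTED_DOMAINS:
        if any(skeleton(from_dom) == skeleton(t) for t in TRUSTED_DOMAINS):
            hits.append("lookalike-domain")
        if name in EXECUTIVES:
            hits.append("executive-display-name-external")
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to-mismatch")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if any(k in text for k in KEYWORDS):
        hits.append("payment-or-w2-keyword")
    return hits

# Constructed sample message (not real traffic).
SAMPLE = """From: Jane Doe <jane.doe@acrne.com>
Reply-To: jane.doe@mail-example.net
To: finance@acme.com
Subject: Urgent request

Please process a wire transfer to the new vendor today.
"""
```

    Comparing skeletons on both sides keeps a trusted domain that legitimately contains "rn" from being flagged against itself.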

    How to stop whaling email?

    Preventing a whaling email attack is best accomplished with a combination of technologies and education.

    • Security awareness training is critical to spotting a whaling email. When users are educated about what a whaling email might look like or what it might instruct them to do, they are better equipped to maintain a skeptical attitude toward all potential attacks.
    • DNS authentication services can determine whether an email was sent from a legitimate or fraudulent domain by using DMARC, DKIM and SPF protocols.
    • Anti-impersonation software can scan the header and content of email to spot the signs of a malware-less whaling email that uses social engineering-based techniques.
    • Email scanning and filtering technology that scours the links and attachments of all inbound email can prevent users from opening an attachment or clicking on a link that may be part of a whaling email.
    • Superior anti-malware and anti-spam programs can help to stop some whaling emails at the email gateway.

    Where should I report whaling email?

    If you suspect you have received a whaling email – or if you have succumbed to a whaling attack – you should immediately report it to:

    • Your company and your IT department, enabling them to quickly limit any damage.
    • The person that the email was impersonating.
    • Government agencies that are dedicated to stopping this type of cybercrime such as the Cybersecurity and Infrastructure Security Agency (phishing-report@us-cert.gov), the Federal Trade Commission (ftc.gov/complaint) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing).