Mimecast provides cloud security services for combating whaling email scams and for protecting organizations against advanced email-borne threats.
With whaling email attacks on the rise, your organization needs solutions that can provide strong and automated protection against these devastating threats.
A whaling cyber attack is a form of impersonation attack where hackers send a message that appears to be from a chief executive officer, a chief financial officer or another C-suite executive. These whaling email messages will typically ask recipients to make wire transfers to vendors who turn out to be fraudulent, or to reveal sensitive business information or employee data that hackers can use to steal identities, gain access to business systems or initiate an email data breach.
While making your employees aware of the techniques used in a whaling email attack can help to stop some threats, only an automated email security solution can provide comprehensive cyber protection. That's exactly what you can achieve with Mimecast.
Mimecast provides cloud security services for combating whaling email scams and protecting your organization against a wide range of other threats. Mimecast's all-in-one, subscription service also provides tools for email archiving, continuity, backup and recovery, e-Discovery and compliance, enabling your IT administrators to conduct comprehensive business email management from a single pane of glass using a web-based interface.
To stop a whaling email attempt, Mimecast scans all inbound email for key indicators that suggest a message may be suspicious. These include:
When an email is deemed suspicious, Mimecast can block, quarantine or tag the message to ensure employees are not tricked into making fraudulent wire transfers or sharing sensitive data.
With Mimecast technology for combating whaling email attacks, you can:
What is a whaling email?
A whaling email is part of a whaling attack, which is a form of phishing that targets high-ranking executives or others with powerful job titles and positions. A whaling email is created to look and read as if it was sent from a legitimate source, usually someone the recipient knows and trusts. The purpose of a whaling email is to trick the recipient into revealing sensitive information that attackers can use to steal data, or to authorize a wire transfer of funds to a fraudulent account.
How does whaling email work?
To create a whaling email, attackers will research a targeted individual, usually collecting personal information from online profiles and social media accounts. The design of a whaling email will look identical to an email from a legitimate business, making it very difficult to spot the fraud. The content of a whaling email may ask the recipient to send a wire transfer right away, to email sensitive data like tax information or payroll files to a spoofed email address, or to visit a spoofed website where the target is asked to enter sensitive information like passwords or bank account numbers. Visiting such a website may also enable attackers to download malware to the victim’s computer.
How to recognize a whaling email?
A whaling email is much more difficult to spot than a regular phishing attack. Because the stakes are larger, attackers will spend considerably more time to make a whaling email or a whaling website look professional and to read as if it was sent by another high-level executive. There are several things that all users should watch for, though, that can help them to recognize a whaling email.
How to stop whaling email?
Preventing a whaling email attack is best accomplished with a combination of technologies and education.
Where should I report whaling email?
If you suspect you have received a whaling email – or if you have succumbed to a whaling attack – you should immediately report it to: