State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Whaling security requires advanced protection.
Whaling security is a growing concern for organizations, as instances of whale phishing are rising sharply. Whale phishing and other types of CEO fraud are a kind of spear phishing email attack that targets high-profile end-users and executives – employees with access to highly valuable information and financial accounts.
These scams use social-engineering to trick users into divulging sensitive or confidential information such as credit card numbers, passwords or bank account information. Some attacks impersonate a CEO or CFO to convince an employee to unknowingly wire money to a fraudulent account.
The need for whaling security grows more important by the month. The FBI reports that whale phishing rose sharply between January and August 2015, with attacks up more than 270%1. Clearly, every organization should adopt a whaling security strategy to effectively protect employees and the organization.
As a global leader in cloud-based email services for security, archiving and continuity, Mimecast offers Targeted Threat Protection with Impersonation Protect to defend against a whaling attack.
Mimecast’s whaling security solution provides real-time protection against social-engineering attacks that often do not include the typical ingredients of an email-based attack such as suspicious URLs, malware or weaponized attachments. Impersonation Protect is consistently effective at spotting a whaling attack, and works alongside URL Protect and Attachment Protect to deliver comprehensive protection against the most advanced email threats.
Mimecast helps to achieve whaling security by scanning all inbound email for indicators that a message may be suspicious. These include:
To ensure whaling security, Impersonation Protect may be configured by administrators to block the email, bounce it or tag it as suspicious and issue a notification to employees to prevent them from unwittingly making fraudulent wire transfers or divulging sensitive employee data.