2019 State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Whaling security requires advanced protection.
Whaling security is a growing concern for organizations, as instances of whale phishing are rising sharply. Whale phishing and other types of CEO fraud are a kind of spear phishing email attack that targets high-profile end-users and executives – employees with access to highly valuable information and financial accounts.
These scams use social-engineering to trick users into divulging sensitive or confidential information such as credit card numbers, passwords or bank account information. Some attacks impersonate a CEO or CFO to convince an employee to unknowingly wire money to a fraudulent account.
The need for whaling security grows more important by the month. The FBI reports that whale phishing rose sharply between January and August 2015, with attacks up more than 270%1. Clearly, every organization should adopt a whaling security strategy to effectively protect employees and the organization.
As a global leader in cloud-based email services for security, archiving and continuity, Mimecast offers Targeted Threat Protection with Impersonation Protect to defend against a whaling attack.
Mimecast’s whaling security solution provides real-time protection against social-engineering attacks that often do not include the typical ingredients of an email-based attack such as suspicious URLs, malware or weaponized attachments. Impersonation Protect is consistently effective at spotting a whaling attack, and works alongside URL Protect and Attachment Protect to deliver comprehensive protection against the most advanced email threats.
Mimecast helps to achieve whaling security by scanning all inbound email for indicators that a message may be suspicious. These include:
To ensure whaling security, Impersonation Protect may be configured by administrators to block the email, bounce it or tag it as suspicious and issue a notification to employees to prevent them from unwittingly making fraudulent wire transfers or divulging sensitive employee data.
What is whaling in cybersecurity?
In cybersecurity, whaling is a specific form of phishing, a technique used by cyber criminals to dupe individuals into revealing sensitive data like login credentials, account passwords, bank account numbers or credit card information. While phishing attacks are directed at a wide number of individuals, whaling attacks target very specific, high-level executives or other employees with a great degree of authority and responsibility. A whaling attack uses email that seems to come from a trusted sender to get the victim to share sensitive data or to authorize a transfer of funds to an account that turns out to be fraudulent.
Why is whaling security important?
Adopting whaling security measures is critical to protecting the organization and individuals from succumbing to a whaling attack. A successful whaling attack can result in the theft or exposure of highly sensitive data, which may open the organization to fines, legal action, loss of business and loss of reputation. Whaling security measures can also help to prevent employees from unwittingly wiring large sums of money to fraudulent accounts, helping to save the business from incurring significant losses.
How to achieve whaling security?
Whaling security is complicated by the fact that whaling attacks are among the most sophisticated of phishing schemes, and attackers may invest considerable time and effort to make whaling communications appear legitimate. To improve whaling security, organizations can adopt solutions that include:
What are whaling security best practices?
In addition to adopting whaling security technologies, best practices for preventing whaling attacks include:
How to implement whaling security fast?
The fastest way to deploy whaling security technology is to rely on a cloud-based service. Because a SaaS-based whaling security service requires no hardware to be installed or software to be downloaded and configured, organizations can quickly improve their security posture and begin thwarting whaling attacks almost immediately.