Whaling security

Whaling security requires advanced protection.

Whaling security is a growing concern for organizations, as instances of whale phishing are rising sharply. Whale phishing and other types of CEO fraud are a kind of spear phishing email attack that targets high-profile end-users and executives – employees with access to highly valuable information and financial accounts.

These scams use social engineering to trick users into divulging sensitive or confidential information such as credit card numbers, passwords or bank account information. Some attacks impersonate a CEO or CFO to convince an employee to unknowingly wire money to a fraudulent account.

The need for whaling security grows more important by the month. The FBI reports that whale phishing rose sharply between January and August 2015, with attacks up more than 270% [1]. Clearly, every organization should adopt a whaling security strategy to effectively protect employees and the organization.

[1] “FBI Warns of Dramatic Increase in Business E-Mail Scams” - Federal Bureau of Investigation, April 2016

Whaling security with Mimecast.

As a global leader in cloud-based email services for security, archiving and continuity, Mimecast offers Targeted Threat Protection with Impersonation Protect to defend against a whaling attack.

Mimecast’s whaling security solution provides real-time protection against social-engineering attacks that often do not include the typical ingredients of an email-based attack such as suspicious URLs, malware or weaponized attachments. Impersonation Protect is consistently effective at spotting a whaling attack, and works alongside URL Protect and Attachment Protect to deliver comprehensive protection against the most advanced email threats.

How Mimecast whaling security works.

Mimecast helps to achieve whaling security by scanning all inbound email for indicators that a message may be suspicious. These include:

  • A domain name that has been newly registered, making it more likely to be suspicious.
  • A domain name that is a near match to the recipient’s corporate domain. Attackers will often use a domain name that appears to be a trusted domain, but with subtle differences that can only be spotted by close inspection.
  • The display name or friendly name, to identify whether the sender is attempting to spoof an internal email address.
  • The body of the message, searching for keywords such as “bank transfer” or “wire transfer” which are commonly found in these types of attack.

To ensure whaling security, Impersonation Protect may be configured by administrators to block the email, bounce it or tag it as suspicious and issue a notification to employees to prevent them from unwittingly making fraudulent wire transfers or divulging sensitive employee data.
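A simplified illustration of the four indicators listed above, added here as an example and not Mimecast's own code: it scores a constructed inbound message for a newly registered sender domain, a lookalike of the corporate domain, an executive's display name on an external address, and payment keywords in the body. The internal domain, the executive display name and the domain registration table (standing in for a WHOIS lookup) are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from datetime import date

# Constructed assumptions for this example: the organisation's own domain,
# the display names of its executives, and registration dates that stand in
# for a live WHOIS lookup. None of these are real data.
INTERNAL_DOMAIN = "example.com"
INTERNAL_DISPLAY_NAMES = {"jane doe"}
DOMAIN_REGISTERED = {"examp1e.com": date(2024, 5, 1)}
SUSPICIOUS_PHRASES = ("bank transfer", "wire transfer")

# Constructed sample message: the CFO's name on a lookalike domain.
SAMPLE = """From: Jane Doe <jane.doe@examp1e.com>
To: accounts@example.com
Subject: Urgent
Content-Type: text/plain; charset=utf-8

Please arrange a wire transfer today, I am in a meeting.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-match domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(raw_message, today=date(2024, 5, 10)):
    """Return the list of impersonation indicators found in one inbound message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    indicators = []
    registered = DOMAIN_REGISTERED.get(domain)
    if registered and (today - registered).days < 30:
        indicators.append("newly-registered-domain")
    if domain != INTERNAL_DOMAIN and edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        indicators.append("lookalike-domain")
    if display.lower() in INTERNAL_DISPLAY_NAMES and domain != INTERNAL_DOMAIN:
        indicators.append("display-name-impersonation")
    body = msg.get_body(preferencelist=("plain",)).get_content().lower()
    if any(phrase in body for phrase in SUSPICIOUS_PHRASES):
        indicators.append("payment-keywords")
    return indicators
```

A gateway would act on the returned list according to the administrator's policy (block, bounce or tag), which is the configuration step described above.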

Learn more about whaling security with Mimecast and about Mimecast solutions for secure file transfer and spam protection.

FAQs: Whaling Security

What is whaling in cybersecurity?

In cybersecurity, whaling is a specific form of phishing, a technique used by cyber criminals to dupe individuals into revealing sensitive data like login credentials, account passwords, bank account numbers or credit card information. While phishing attacks are directed at a wide number of individuals, whaling attacks target very specific, high-level executives or other employees with a great degree of authority and responsibility. A whaling attack uses email that seems to come from a trusted sender to get the victim to share sensitive data or to authorize a transfer of funds to an account that turns out to be fraudulent.

Why is whaling security important?

Adopting whaling security measures is critical to protecting the organization and individuals from succumbing to a whaling attack. A successful whaling attack can result in the theft or exposure of highly sensitive data, which may open the organization to fines, legal action, loss of business and loss of reputation. Whaling security measures can also help to prevent employees from unwittingly wiring large sums of money to fraudulent accounts, helping to save the business from incurring significant losses.

How to achieve whaling security?

Whaling security is complicated by the fact that whaling attacks are among the most sophisticated of phishing schemes, and attackers may invest considerable time and effort to make whaling communications appear legitimate. To improve whaling security, organizations can adopt solutions that include:

  • Strong antispam and anti-malware technology that will keep certain kinds of phishing email from user mailboxes.
  • A secure email gateway with advanced scanning capabilities that can inspect links and attachments within an email and block users from accessing them if they appear to be malicious.
  • Anti-impersonation solutions that look for social engineering techniques, anomalies in headers, domain similarity and other indicators of a potential whaling attack.
  • DNS authentication services that determine whether an email sender is legitimate or fraudulent by employing SPF, DKIM and DMARC protocols.
  • Security awareness training for users – especially high-level employees who are most likely to be targeted in a whaling attack – to provide education about what whaling security is, what whaling attacks look like and how to avoid becoming the victim of a whaling attack.

What are whaling security best practices?

In addition to adopting whaling security technologies, best practices for preventing whaling attacks include:

  1. Double- or triple-checking any request for a transfer of funds or for highly sensitive information to be shared via email or website. When receiving these requests, employees should place a phone call or find another way to confirm that the request is legitimate.
  2. Checking the email address of the sender to make sure that it is legitimate. In a whaling attack, the sender’s email address may be a subtly altered version of a legitimate address.
  3. Being suspicious of any email designed to cause the recipient to act quickly and without caution. Whaling emails often adopt an urgent tone or include threats of negative consequences if action is not taken immediately.

How to implement whaling security fast?

The fastest way to deploy whaling security technology is to rely on a cloud-based service. Because a SaaS-based whaling security service requires no hardware to be installed or software to be downloaded and configured, organizations can quickly improve their security posture and begin thwarting whaling attacks almost immediately.