A whaling attack is a kind of phishing scam and CEO fraud that targets high-profile executives with access to highly valuable information. In a whaling attack, hackers use social engineering to trick users into divulging bank account data, employee personnel details, customer information or credit card numbers, or even into making wire transfers to someone they believe is the CEO or CFO of the company. Whale phishing is generally more difficult to detect than standard phishing attacks, as these attacks often do not use malicious URLs or weaponized attachments.
Whaling attack instances are on the rise in the U.S., up more than 270% from January to August 2015. The FBI reports that business losses due to whaling attacks totaled more than $1.2 billion in just over two years.
To improve whaling security, organizations need advanced threat protection that specifically defends against a whaling attack.
As a leading provider of cloud-based email services for security, archiving and continuity, Mimecast offers Targeted Threat Protection with Impersonation Protect to safeguard organizations and their employees and financial assets from a whaling attack.
Impersonation Protect offers instant and complete protection from this advanced form of cyber attack, scanning and evaluating all incoming email for potential attack indicators. Mimecast examines:
When Impersonation Protect identifies a suspicious email, it may be bounced, quarantined or tagged as suspicious, with warning notifications sent to the intended recipient.
Mimecast provides whaling and spear security with features that include:
What is a whaling attack?
A whaling attack is a type of spear-phishing attack directed at high-level executives where attackers masquerade as legitimate, known and trusted entities and encourage a victim to share highly sensitive information or to send a wire transfer to a fraudulent account.
How does a whaling attack work?
In a whaling attack, attackers send an email that looks like a legitimate email from a trusted source, often a contact within the company or at a partner, vendor or customer account. A whaling email will contain enough personal details or references gleaned from Internet research to convince the recipient that it is legitimate. Whaling attacks may also ask a user to click on a link that leads to a spoofed website that looks identical to a legitimate site, where information can be collected or malware can be downloaded. In a whaling attack, victims may be encouraged to share sensitive data like payroll information, tax returns or bank account numbers, or they may be asked to authorize a wire transfer to a bank account that turns out to be fraudulent. For attackers, the goal of a whaling attack is usually to steal money or data, or to get access to networks that can yield much larger ill-gotten gains.
How to recognize a whaling attack?
A whaling attack is much harder to recognize than a standard phishing attack, as attackers will usually invest much more time to make email communications and websites look legitimate. Some common signs that an email may be part of a whaling attack include:
How to block a whaling attack?
Stopping a whaling attack requires a multi-layered approach to security.
How to report a whaling attack?
An attempted or successful whaling attack should be reported immediately to several parties. Victims should immediately alert their employer and its IT department so that they can act quickly to block other attempts or to stop attackers from doing further damage. Whaling attacks can also be reported to a number of organizations dedicated to helping prevent cybercrime, such as the Federal Trade Commission (www.ftc.gov/complaint), the Cybersecurity and Infrastructure Security Agency (firstname.lastname@example.org) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing).