Whaling attack

Are your executives vulnerable to a whaling attack?

A whaling attack is a kind of phishing scam and CEO fraud that targets high-profile executives with access to highly valuable information. In a whaling attack, hackers use social engineering to trick users into divulging bank account data, employee personnel details, customer information or credit card numbers, or even into making wire transfers to someone they believe is the CEO or CFO of the company. Whale phishing is generally more difficult to detect than standard phishing attacks, as these attacks often do not use malicious URLs or weaponized attachments.

Whaling attack instances are on the rise in the U.S., up more than 270% from January to August 2015. The FBI reports that business losses due to a whaling attack totaled more than $1.2 billion in just over two years [1].

To improve whaling security, organizations need advanced threat protection that specifically defends against a whaling attack.

[1] “FBI Warns of Dramatic Increase in Business E-Mail Scams” - Federal Bureau of Investigation, April 2016

Prevent a whaling attack with Mimecast.

As a leading provider of cloud-based email services for security, archiving and continuity, Mimecast offers Targeted Threat Protection with Impersonation Protect to safeguard organizations and their employees and financial assets from a whaling attack.

Impersonation Protect offers instant and complete protection from this advanced form of cyber attack, scanning and evaluating all incoming email for potential attack indicators. Mimecast examines:

  • The sending domain name, to identify whether the sender’s domain is a near match to the recipient’s domain name. A whaling attack will often use a domain name that looks very much like a trusted domain name, but with subtle and almost imperceptible changes.
  • The display name or friendly name, to determine whether the sender is attempting to spoof an Internet email address.
  • The age of the sending domain, since a newly registered domain name is more likely to be suspicious.
  • Keywords in the body of the message, including phrases such as a “bank transfer” or “wire transfer”, which are often suspicious.

When Impersonation Protect identifies a suspicious email, it may be bounced, quarantined or tagged as suspicious, with warning notifications sent to the intended recipient.
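The four indicators listed above can be sketched as simple heuristics over a parsed message. The Python below is an added example, not Mimecast's implementation: the domain `example.com`, the executive names, the edit-distance and 30-day thresholds, and the tag/quarantine policy are all assumptions, and the sender domain's registration date is passed in rather than looked up.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: domain, names and thresholds are hypothetical.
OUR_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam patel"}         # display names worth protecting
KEYWORDS = ("wire transfer", "bank transfer")  # phrases named in the list above
NEW_DOMAIN_DAYS = 30

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def indicators(raw, registered, today):
    """Indicators for one message; `registered` is the sender domain's registration date."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != OUR_DOMAIN
    hits = set()
    if external and edit_distance(domain, OUR_DOMAIN) <= 2:
        hits.add("lookalike_domain")      # near match to our own domain
    if external and " ".join(name.lower().split()) in EXECUTIVES:
        hits.add("display_name_spoof")    # executive's name, outside address
    if external and registered and (today - registered).days < NEW_DOMAIN_DAYS:
        hits.add("new_domain")
    parts = (p.get_payload(decode=True) for p in msg.walk()
             if p.get_content_type() == "text/plain")
    body = re.sub(r"\s+", " ", b" ".join(parts).decode("utf-8", "replace")).lower()
    if any(k in body for k in KEYWORDS):
        hits.add("keyword")
    return hits

def disposition(hits):
    """Assumed policy: tag on one indicator, quarantine on two or more."""
    return "deliver" if not hits else "tag" if len(hits) == 1 else "quarantine"

# Constructed sample messages (not real traffic).
WHALE = ('From: "Jane Doe" <jane.doe@examp1e.com>\nSubject: Urgent\n\n'
         "Please process the wire\ntransfer before noon.\n")
BENIGN = ('From: "Vendor Billing" <billing@supplier.test>\nSubject: Invoice\n\n'
          "Invoice for last month is attached.\n")
```

Keyword matching alone is noisy, which is why the sketch only quarantines when several indicators agree; the body is whitespace-normalised first so a phrase split across a line break still matches.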

Key features of Mimecast’s solution for stopping a whaling attack.

Mimecast provides whaling and spear-phishing security with features that include:

  • Defense against social-engineering attacks.
  • Protection against unknown or newly registered domains.
  • Administrative control over security procedures for suspicious emails.
  • Comprehensive protection provided by Mimecast’s threat intelligence infrastructure and Messaging Security teams.

Learn more about thwarting a whaling attack with Mimecast and about Mimecast solutions for secure file transfer and spam email protection.