55% of organizations see increase in whaling email attacks targeted at accounting and finance employees

December 23, 2015, Watertown, MA – Mimecast is today warning organizations of an increased prevalence of targeted whaling attacks.

Whaling attacks (also known as Business Email Compromise, or BEC) use email sent from spoofed or similar-sounding domain names, made to appear as if it came from the CEO or CFO, to trick accounting or finance users into making illegitimate wire transfers to cybercriminals. This type of targeted attack relies on a significant amount of prior research into a target organization to identify the victim and the organizational hierarchy around them.

According to Mimecast research conducted in December 2015*:

Orlando Scott-Cowley, cyber security strategist at Mimecast, commented: “Cyber attackers have gained sophistication, capability and bravado over the recent years, resulting in some complex and well-executed attacks. Whaling emails can be more difficult to detect because they don’t contain a hyperlink or malicious attachment, and rely solely on social engineering to trick their targets.”

Social media provides attackers with much of the information they need to execute these attacks, especially when combined with wider insider research. Sites like Facebook, LinkedIn and Twitter provide key details that, when pieced together, give a much clearer picture of senior execs in the target business.

Mimecast’s Whaling Protection Recommendations

“The barriers to entry for whaling attacks are dangerously low. As whaling becomes more successful for cybercriminals, we are likely to see a continued increase in their popularity, as hackers identify these attacks as an effective cash cow,” added Scott-Cowley.

Mimecast data centers process approximately 180 million emails per day and its services help protect customers from a comprehensive range of email and data related threats, including spam, viruses and advanced spear-phishing attacks.

*Mimecast conducted a survey of 442 IT experts at organizations in the US, UK, South Africa and Australia in December 2015.

Download Mimecast’s whaling security advisory for a more detailed analysis, including a breakdown of how whaling attacks are conducted.

About Mimecast

Mimecast makes business email and data safer for more than 15,000 customers and millions of employees worldwide. Founded in 2003, the company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management. 
