What Is Whaling and Why Do You Need to Be Aware of It?
Just when you thought you’d seen it all when it comes to online phishing scams, hackers and attempts to breach your company’s data security, along comes a fresh round of deceptive emails, phishing scams, suspicious instant messages and, in some cases, even traditional, harmless-looking printouts from your company’s fax machine. In today’s digital age, it’s becoming increasingly easy for cybercriminals to hack into companies using social engineering, a method of gaining the trust of company employees in order to trick them into giving up their access.
When it comes to targeting employees, cybercriminals often make a beeline for CEOs and other upper-level management staff because they’re more likely to have access to sensitive data than any other employee in the company. For both companies and individuals, the stakes are high when it comes to staying secure online. Phishing affects brand reputation, individual careers, business finances and profits and, in some cases, even the ability of a business to stay afloat. And it’s not just lower-level employees who are being duped into giving away sensitive information: in a new social engineering process known as ‘whaling’ (phishing the big fish), hackers and cybercriminals are using social engineering techniques to get information straight from employees and managers at the highest levels.
Increase in Spear Phishing
Whaling, also referred to as spear phishing, has become worryingly common in recent times. Indeed, over the past few years, spear phishing has become the preferred method of many hackers and cybercriminals for gaining access to companies and causing large breaches. Numerous serious breaches have occurred due to hackers gaining user credentials using spear phishing, with over 38% of cyberattacks in the past twelve months coming from this form of social engineering.
Although spear phishing is similar to phishing, it’s important for organisations to be aware that these attacks are often much more sophisticated and more targeted. Whilst phishing emails tend to appear to come from trusted companies such as your bank, PayPal or Google, spear phishing attacks go the extra mile and appear to be from somebody you know, for example a colleague, family member or friend. The message will also most likely include personal information such as your name, address, telephone number and more. Because of this, spear phishing has become a huge challenge for global companies to defend themselves against.
How to Protect Yourself
Whaling, along with a range of other social engineering techniques, is predicted to only get worse in coming years as more and more cybercriminals attempt to gain credentials and data by going straight after the people in an organisation with the most access. To best protect your organisation, it’s vital to be fully prepared: rather than thinking about ‘if’ it happens, you should be thinking ‘when’.
To reduce risk as much as possible, it’s vital to ensure that all of your business’ employees, including senior executives and other high-level staff, are fully up to date with the latest risks in cybersecurity and are regularly given briefings on how best to spot the tell-tale signs of a spear phishing attack. It’s also important not to forget about any lower-level staff who are authorised to make financial transactions, as many real breaches and cases of financial fraud occur when a member of staff is tricked into believing that their manager or another senior employee is asking them to conduct an urgent transfer.
Security Awareness Training
To be completely ready for when an attack does occur, it’s vital to have a security awareness training program implemented across your workforce. Although spear phishing and whaling attacks tend to target senior executives and upper-level managers, it’s not uncommon for lower-level staff members to be used as ‘pawns’ or ‘bait’ in these attacks, so it is vital for them to be fully aware of the risks they face as well.
It’s vital to remember that cybercriminals are constantly changing, updating and refining their social engineering techniques, so your company should do the same with its security safeguards, policies and procedures. Staying up to date on how whaling is used to gain access to company data can help all of your staff to predict how an attack may occur in the future and what may be done to stop it.
Whaling, also known as spear phishing, is becoming an increasingly popular method used by hackers to manipulate senior employees into handing over their credentials and ultimately allowing access. Ensuring that every employee in your organisation is aware of how these attacks take place can give you a stronger defence against them.
*Image courtesy of http://www.imfdb.org/wiki/File:Jaws_06.jpg