Whaling on the Rise, Don’t Think You’re Safe

Whaling in the traditional sense is defined as the work or industry of capturing and rendering whales. In the cyber security industry, the identically named attack follows the same definition; just replace "whales" with "executives".
Whale phishing, or whaling, is a type of phishing attack that targets CEOs and other executives at companies. The premise is that one well-planned attack can end in a large haul of information and possibly money. Rather than spending time phishing individual employees in the hope of landing a few small targets, these attackers go after the company's top dogs.
These attacks are an offshoot of spear phishing: heavily researched, highly detailed emails aimed at one person. The attacker makes the message appear to come from someone the executive is in close contact with, and imitates the writing style the executive is used to seeing from that sender. Only once all of these pieces are in place does the whaler send the email.
To someone familiar with phishing, the content of a whaling email looks commonplace. It asks the executive to enter credentials, supply bank account details or, in a lure seen frequently of late, hand over employee W-2 forms. We have seen these W-2 attacks recently hit companies such as LAZ Parking and organizations such as the Milwaukee Bucks.
Another type of whaling that has gained traction this past year is the targeting of prominent government figures, particularly during the 2016 election cycle. Hillary Clinton and the DNC were hit very hard a couple of months ago after a Russian hacker infiltrated the Democratic Party's private servers. Whaling does not only target CEOs for money; any high-profile individual with access to sensitive information is a whale.
While executives have more reason than most to worry about being targeted, it is in everyone's interest to stay current on phishing attacks and how to avoid them.
Both executives and standard employees can avoid phishing emails by following PhishTrain’s five-step process outlined below:
- Be skeptical of all emails, and examine them closely before opening any attachments: check that the sender's actual address matches the display name, and that the Reply-To address is not different from the From address.
- Be extra careful with messages that ask you for personal information, such as passwords, bank details or tax forms.
- Take caution when downloading smartphone or desktop apps and when granting those apps special permissions.
- Keep all browsers on your devices updated, since browser vendors ship anti-phishing protections in their updates.
- If you are unsure about the legitimacy of a message, contact the purported sender directly through a channel you already trust (a known phone number, not a number or address in the suspicious message itself).
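The checks in the first two steps above can be automated. The following script is an added example, not PhishTrain's own tooling: it parses an email with Python's standard library and flags the tell-tale signs of an executive-impersonation message (a sender domain that merely resembles the company's, a Reply-To pointing elsewhere, an executive title in the display name, requests for sensitive data, and urgency language). The trusted domain `example.com`, the phrase lists and both sample messages are constructed assumptions for the demonstration.

```python
"""Heuristic triage of a suspected whaling email (added example, not PhishTrain code)."""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumption for this example: the organisation sends mail only from example.com.
TRUSTED_DOMAINS = {"example.com"}
# Phrases typical of executive-impersonation requests (illustrative list).
SENSITIVE_PHRASES = ("w-2", "wire transfer", "password", "bank account", "gift card")
EXEC_TITLE_RE = re.compile(r"\b(ceo|cfo|coo|president|chairman)\b", re.I)
URGENCY_RE = re.compile(r"\b(urgent|asap|immediately|right away)\b", re.I)


def _edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def looks_alike(domain, trusted):
    """True if `domain` is not trusted but resembles a trusted domain
    (e.g. examp1e.com or example-corp.com for example.com)."""
    if not domain or domain in trusted:
        return False
    for t in trusted:
        if t.split(".")[0] in domain or _edit_distance(domain, t) <= 2:
            return True
    return False


def analyze(raw_message):
    """Return a list of human-readable findings; an empty list means no red flags."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = domain_of(str(msg.get("Reply-To", "")))

    if from_dom and from_dom not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {from_dom} is not a trusted domain")
        if looks_alike(from_dom, TRUSTED_DOMAINS):
            findings.append(f"sender domain {from_dom} looks like a trusted domain")
        if EXEC_TITLE_RE.search(from_name):
            findings.append(f"display name '{from_name}' claims an executive title")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    subject = str(msg.get("Subject", "")).lower()
    hits = [p for p in SENSITIVE_PHRASES if p in text or p in subject]
    if hits:
        findings.append("requests sensitive data: " + ", ".join(hits))
    if URGENCY_RE.search(subject + " " + text):
        findings.append("uses urgency pressure language")
    return findings


# Constructed sample: a W-2 lure impersonating the CEO from a lookalike domain.
WHALING_EMAIL = """\
From: "Jane Doe, CEO" <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-relay-example.net
To: cfo@example.com
Subject: Urgent: W-2 forms for all employees

Hi, can you send me the W-2 forms for all staff? I'm stuck in meetings.
"""

# Constructed sample: a benign internal message.
CLEAN_EMAIL = """\
From: "Jane Doe" <jane.doe@example.com>
To: cfo@example.com
Subject: Lunch

Want to grab lunch on Friday?
"""

if __name__ == "__main__":
    for label, raw in (("whaling", WHALING_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, "->", analyze(raw) or ["no findings"])
```

Note that these are heuristics for triage, not proof: a legitimate message can trip the urgency or keyword checks, and an attacker who has compromised a real mailbox will pass the domain checks entirely. That is why the last step in the list, confirming out of band with the person who supposedly sent the message, remains essential.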
Understand that human error is the factor that most often gives an attacker access to the company's network. By staying up to date on how to avoid phishing, you become part of an educated workforce and protect your own identity as well.
Please contact PhishTrain for any more questions regarding whaling or generic phishing attacks.
-Team PhishTrain