"Whaling" is a social engineering attack achieved often with a bare minimum of technological assistance, a simple but effective scam where an organisation's authority figure such as a CEO/CIO/CFO is impersonated, usually by email, in order to authorise some form of illegitimate data or funds transfer.
Some of the successful scams have been very simple, such as an email (from a Hotmail or Gmail address) to an employee pretending to be from a CEO requesting an urgent funds transfer by wire to a secretary or bookkeeper.
Whaling attacks can be coordinated with other methods such as Trojan Horse programs used to steal passwords, gain elevated access, or to collect intel for a further and more sophisticated whaling attempt.
An elevated access example would be where a hacker gets access to a CFO's email account, and send an email to an employee from the authority directly. It would only be a vigilant CFO or employee who may spot the sent mail or instruction as suspicious that could prevent this scam's success.
Australian mining magnate Andrew Forrest fell victim to a $615,000 sting through a Trojan Horse whaling attack.
As the scam is heavily reliant on fooling people, technological solutions have a limited ability to assist, but new whaling-specific software is coming. Mimecast is releasing a product called "Impersonation Protect" using algorithms to analyse key indicators and words for red flags.
In an interview with CSO Australia last year, Mimecast's country manager Nicholas Lennon said, "We have, for example, seen an increase in attacks that don't have malware but socially engineer communications using LinkedIn or Internet data to impersonate a senior executive.”
General network security still applies. The most effective Whaling attacks are those with inside access to accounts and intel, and a Unified Threat Management (UTM) device assists here by filtering traffic both coming in and going out, providing VPN services to get your remote desktop servers off the public Internet, and providing intrusion detection services.
Awareness and education remain as one of the most effective prevention methods, so don't forget to let your staff know about Whaling and what to look for.
How can Diamond help?
At Diamond ICT, we believe that staff awareness and education plays an important role in an effective risk management strategy, to discuss further please call us today on 1300 307 907 or simply complete our online form below for more information.
Source Credit: centrify.com (http://blog.centrify.com/ceo-fraud-business-email-compromise/)
