
What are Whaling Attack Threats and Protection?

A whaling attack is an engineered attack based on human behaviour, so it is important to understand whaling attack threats and how to protect against them.

Whaling attacks have been growing, so this is extremely important and should be discussed with your team.

Whaling attacks are considered a social engineering technique and rely on the human element to bypass technology.

What is a WHALING ATTACK?

A whaling attack is a targeted attack on an organization. It usually targets senior management, including the CEO, CFO, or other executives who have complete access to sensitive and/or financial data. The goal is to trick an executive or employee into revealing sensitive information, including personal data, corporate data, or financial data.

WHY ARE WHALING ATTACKS SUCCESSFUL?

Whaling attacks use fraudulent emails that appear to come from trusted sources. They try to trick victims into divulging sensitive data over email or into visiting a spoofed website that mimics a legitimate business. They tend to ask for information such as payment or account details.

Example: The real email is “asmith@20.151.77.169” and the fake email is “asmith@365itsolution.com”


What are some EXAMPLES OF WHALING ATTACKS?

Whaling attacks can be difficult to identify, and many companies have fallen victim to them in recent years, including Snapchat. A senior employee was tricked into revealing employee payroll information. Seagate also provided requested W-2 forms for all current and former employees.

These are two tech companies, and even they were not safe, because once again this attack relies on the human factor.

How do you protect from WHALING ATTACKS?

Here are four simple ways to prevent a whaling attack on yourself or your organization.

  • Educate Staff – All team members should be educated about the effects of whaling attacks and how to spot them. The training should cover common phishing signs such as spoofed sender names, unsolicited requests and attachments, or spoofed hyperlinks.
  • Keep It Private – Executives and upper management should try to keep information private, including personal information, birthdays, hobbies, friends, and addresses. All this information can be used for a whaling attack, and the best way to protect it is to use privacy restrictions on your information.
  • Verbally Verify – This one is free and one of the most effective processes. If an employee receives an email requesting funds, they should also get a verbal confirmation from the contact. This should be a documented internal process as well as part of employee training.
  • Protect Your Data – It is important to discuss your disaster recovery plan with your IT department or managed IT services provider. It is critical to recovering and is the last line of defense against whaling attacks.

All cyber crimes should be reported to the Royal Canadian Mounted Police (RCMP).

If you are asking what whaling attack threats and protection are, you should talk to your IT department or managed IT services provider to get a full scope of your risks.

Our complimentary network and security assessment can put your IT infrastructure to the test.

365 iT SOLUTIONS is Toronto’s leading IT consulting boutique firm offering industry-leading IT solutions including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.