If you receive an email from the chief executive officer of your company seeking account or finance-related details or to transfer money to an unknown account, exercise abundant caution. You could be the target of a whaling attack that uses precisely this method to swindle unsuspecting victims.
This kind of cyberattack, also known as Business Email Compromise (BEC), uses emails that appear to be sent by senior executives of the victim's company. The seemingly authentic emails trick accounting and finance employees into making wire transfers to an account controlled by a cybercriminal.
According to security firm Mimecast, around 55% of the organisations it surveyed in the US, UK, South Africa and Australia have seen a surge in whaling email attacks over the last three months.
Its research further suggests that in 72% of cases whaling emails appeared to be sent by the CEO of the company, while 36% seemed to come from the CFO. Hackers involved in such attacks apparently spend a significant amount of time studying their target company, identifying the victim and the organisational hierarchy around them. The hackers used Gmail accounts in 25% of cases, and Yahoo and Hotmail in around 8% of cases each.
Orlando Scott-Cowley, technologist and evangelist at Mimecast, says that whaling attacks are more difficult to detect than phishing emails because they contain no hyperlink or malicious attachment and rely purely on social engineering to trick their targets. The attackers collect most of their information from social networks such as Facebook, LinkedIn and Twitter, which provide key details about a company's senior executives.
Mimecast believes that educating senior management, other key staff and the finance team about these attacks could help a company defend against whaling. It further recommends that companies carry out simulated whaling exercises to gauge staff vulnerability. Apart from that, it suggests considering inbound email stationery, which alerts employees to emails originating from outside the corporate network. It also says it is worth registering all available top-level domains (TLDs) for the company's domain name, so that look-alike domains are harder to obtain.
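One way a mail gateway could implement the inbound-stationery banner and flag the pattern the survey describes (an executive's display name on a message from an outside or free-webmail domain, with finance wording and no link or attachment needed). This is an added example, not Mimecast's product or code; the corporate domain, executive names and sample message are constructed.

```python
import re
from email.utils import parseaddr

# Constructed values: what a gateway would know about its own organisation.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {"Jane Doe": "CEO", "John Smith": "CFO"}
# Free webmail providers the survey found favoured for whaling emails.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
FINANCE_WORDS = re.compile(r"\b(wire|transfer|invoice|payment|urgent)\b", re.I)


def normalise(name):
    """Collapse whitespace and case so 'jane  DOE' matches 'Jane Doe'."""
    return re.sub(r"\s+", " ", name).strip().lower()


def assess(headers, body):
    """Return (banner, reasons) for one inbound message.

    headers: dict with From, optional Reply-To and Subject.
    banner is the external-sender stationery text, or None for internal mail;
    reasons lists every whaling indicator that fired (empty if none).
    """
    reasons = []
    display, addr = parseaddr(headers.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain != CORPORATE_DOMAIN
    if external:
        reasons.append("external sender")
    role = next((r for n, r in EXECUTIVES.items()
                 if normalise(n) == normalise(display)), None)
    if role and external:
        reasons.append(f"display name matches {role} but domain is {domain}")
    if domain in FREE_WEBMAIL:
        reasons.append("free webmail provider")
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    if role and FINANCE_WORDS.search(headers.get("Subject", "") + " " + body):
        reasons.append("executive name combined with finance wording")
    banner = f"[EXTERNAL] This message originated outside {CORPORATE_DOMAIN}." if external else None
    return banner, reasons


if __name__ == "__main__":
    # Constructed sample of the pattern described above.
    hdrs = {"From": '"Jane Doe" <jane.doe.ceo@gmail.com>', "Subject": "Urgent wire transfer"}
    print(assess(hdrs, "Please transfer the invoice amount today and confirm."))
```

Messages with a non-empty reasons list would be quarantined or routed to the finance team's review queue rather than delivered with only a banner.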
Scott-Cowley also said: "The barriers to entry for whaling attacks are dangerously low. As whaling becomes more successful for cybercriminals, we are likely to see a continued increase in their popularity, as hackers identify these attacks as an effective cash cow."