Whaling: The tale of Captain Ahab, cybercriminal
Thar she blows — and all your money goes!
Likely to see a rise in 2016, whaling attacks are becoming increasingly popular among today’s cybercriminals. They work by aggressively targeting enterprises under the guise of a company’s CEO or CFO, those in command deemed as the ‘whales’ of the organization, and therefore the best candidates for placing or ordering financial transactions.
Overall, whaling attacks are fairly straightforward in how they work. A cybercriminal scopes out a well-moneyed organization and spoofs an email from an executive within the company. That email is then sent to another high-stakes player within the company, preferably one who handles finances, requesting that cash be deposited into the cybercriminal’s designated account(s). And just like that, you’re hacked.
To further illustrate the blast radius of an attack, earlier this year the CEO and CFO of an Australian aircraft manufacturer were fired after the company lost nearly $40 million to a whaling attack.
Cybercriminals who commit whaling attacks do their homework. They are incredibly convincing, often studying their target business and its personnel, sometimes for months, before committing the crime. But despite their overly convincing methods, there are ways you can protect yourself from being whaled.
Know what signs to look for and actions to take to help prevent yourself and your company from falling victim to a whaling attack.
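The pattern described above (a message carrying an executive's name, sent to someone who handles finances, asking for money to be moved) can be screened for at the mail gateway. The sketch below is an added example, not code from the original article; the company domain, executive names, finance mailbox, keyword list and sample messages are all constructed assumptions.

```python
import email
from email import policy
from email.utils import getaddresses, parseaddr

# Constructed assumptions, not taken from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}    # CEO / CFO display names
FINANCE_MAILBOXES = {"ap@example.com"}     # staff who can move money
PAYMENT_TERMS = ("wire", "transfer", "deposit", "bank account")

def whaling_signals(raw):
    """Return the set of warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    auth = str(msg.get("Authentication-Results", "")).lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    to_headers = [str(h) for h in msg.get_all("To", [])]
    recipients = {a.lower() for _, a in getaddresses(to_headers)}

    signals = set()
    if " ".join(name.lower().split()) in EXECUTIVES:
        if sender_domain != COMPANY_DOMAIN:
            signals.add("exec_name_external_domain")   # look-alike sender
        elif "dmarc=fail" in auth:
            signals.add("exec_address_failed_dmarc")   # forged internal From
    if recipients & FINANCE_MAILBOXES and any(t in body for t in PAYMENT_TERMS):
        signals.add("payment_request_to_finance")
    return signals

def is_whaling_suspect(raw):
    """Flag only when an impersonation sign accompanies a payment request."""
    s = whaling_signals(raw)
    return "payment_request_to_finance" in s and len(s) > 1

# Constructed sample messages (headers, blank line, body).
LOOKALIKE = ("From: Jane Doe <jane.doe@examp1e.test>\nTo: ap@example.com\n\n"
             "Please wire 48,000 to the bank account below today.")
FORGED = ("Authentication-Results: mx.example.com; dmarc=fail\n"
          "From: John Smith <john.smith@example.com>\nTo: ap@example.com\n\n"
          "Transfer the funds to the new account before 5pm.")
ROUTINE = ("Authentication-Results: mx.example.com; dmarc=pass\n"
           "From: John Smith <john.smith@example.com>\nTo: ap@example.com\n\n"
           "Please deposit the refund cheque today.")

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("forged", FORGED), ("routine", ROUTINE)):
        print(label, is_whaling_suspect(raw), sorted(whaling_signals(raw)))
```

The `Authentication-Results` header is only trustworthy when stamped by your own receiving mail server, so ignore copies that arrive from outside. A flagged message should be held for out-of-band confirmation with the named executive rather than silently dropped.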