Whaling attacks are often referred to as CEO fraud, a popular tactic cybercriminals use to defraud companies. In a whaling attack, the attackers target individuals who hold senior or decision-making positions in an organization. It is a potent form of targeted phishing that aims to steal information or credentials, or to initiate fraudulent wire transfers.
How does a Whaling Attack take place?
To understand how a whaling attack takes place, let us first grasp the difference between whaling, phishing, and spear phishing:
Whaling VS Phishing
- A phishing attack does not target specific high-ranking individuals in an organization; it can target anyone.
- A whaling attack, on the other hand, targets only high-ranking executives in a company, and it is more dangerous because it plays on the reliability and authority of a real individual to fool its victims.
Whaling VS Spear Phishing
- Spear phishing attacks are also highly targeted phishing attacks that single out specific individuals for a fraudulent campaign.
- Whaling differs from spear phishing in that it picks out only senior company executives as its primary targets.
In whaling, an attacker sends a phishing email to a senior executive, posing as their manager, CEO, or CFO. The email either instigates a wire transfer of company funds or asks for corporate credentials that would let the attacker gain access to the organization's systems.
The term "whaling" refers to company executives, the big fish such as the CEO and CFO. Since these individuals hold high-ranking positions in the company, they have access to sensitive information that others do not, which is why impersonating them can prove detrimental to a company's business and reputation.
Example of a Whaling Attack
In the example shown above, John, the finance team manager, receives an email from Harry, the CEO of the organization, asking him to initiate an urgent wire transfer. If John doesn't know any better, he transfers the funds he has access to and falls prey to the whaling attack.
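The cues in that example can be checked mechanically before John ever sees the message. The following Python script is an added example, not part of the original article and not any vendor's product: it parses a constructed message and reports the impersonation signals a mail gateway or an analyst would look for, namely an executive's display name paired with an address that is not theirs, a lookalike sending domain, a Reply-To that diverts replies elsewhere, and pressure language. The company domain example.com, the executive roster, the sample headers, and the urgency phrases are all assumptions made for the illustration.

```python
"""Flag the impersonation cues of a CEO-fraud message.

Added example, not from the original article. The company domain, the
executive roster and the sample message are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                    # assumed company domain
EXECUTIVES = {"harry": "harry@example.com"}       # assumed roster: first name -> real address
URGENCY_CUES = ("urgent", "wire transfer", "do not call", "confidential")

# Constructed sample: "Harry the CEO" asks John in finance for a wire transfer.
SAMPLE_MESSAGE = """\
From: Harry <harry.ceo@examp1e.com>
Reply-To: harry.private@freemail.example
To: john@example.com
Subject: Urgent wire transfer - confidential
Date: Mon, 3 Jun 2024 08:12:00 +0000

John, I need you to process a supplier payment before noon. I am in a
meeting, so do not call. Details to follow.
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonation_findings(raw):
    """Return the list of whaling indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(addr)
    findings = []

    # 1. Display name of a known executive, but the address is not theirs.
    first_name = name.strip().lower().split()[0] if name.strip() else ""
    if first_name in EXECUTIVES and addr.lower() != EXECUTIVES[first_name]:
        findings.append("display-name-impersonation")

    # 2. Sending domain is a near miss of the company domain.
    if from_dom != COMPANY_DOMAIN and 0 < edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike-domain")

    # 3. Replies are silently redirected to a different domain.
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append("reply-to-mismatch")

    # 4. Pressure language typical of CEO fraud, in subject or body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if any(cue in text for cue in URGENCY_CUES):
        findings.append("urgency-cues")

    return findings


if __name__ == "__main__":
    for finding in impersonation_findings(SAMPLE_MESSAGE):
        print("flag:", finding)
```

Each finding on its own is weak (a real CEO also writes "urgent"), which is why the script returns the whole list rather than a verdict: a gateway rule would typically quarantine on the display-name or lookalike signals and merely warn on the rest.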
How to stop Whaling Attacks: protecting your organization and data
To make whaling attacks even more effective as a social engineering tactic, attackers often do their homework thoroughly. They use publicly available information gathered from social media platforms such as Facebook, Twitter, and LinkedIn to understand an executive's daily life and activities. This lets them come across as credible and legitimate, so they fool their victims more easily.
Is there any way to stop whaling attacks? Yes, there is. Below are proactive measures you can deploy to help combat phishing, spoofing, whaling, and other forms of social engineering. Let's do a quick run-through of what these are:
- Sender Policy Framework (SPF) lets you publish, in a DNS TXT record, which servers are authorized to send mail for your domain. If you use multiple domains or third parties to send email, list them (for example with ip4 and include mechanisms) so that receiving servers can tell your legitimate sending sources from unauthorized ones and reject or flag the latter.
- DomainKeys Identified Mail (DKIM) signs outgoing messages with a key whose public half is published in DNS, so receivers can verify that a message was sent by your domain and was not altered in transit.
- DMARC ties the two together: it requires that the domain validated by SPF or DKIM align with the domain in the visible From header, and its policy (p=none, quarantine, or reject) tells receiving servers what to do with messages from your domain that fail this check, which is exactly what a spoofed whaling email does.
- Turn on DMARC aggregate (XML) reports with the rua tag from the start, at p=none if necessary, so you can see which sources send as your domain and authorize the legitimate ones you forgot before you move to quarantine or reject; once the policy is enforced, the same reports let you quickly pick up on attempted attacks on your domain.
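To make the three records concrete, here is an added Python example (not from the original article, and not a real mail server's implementation) that resolves SPF mechanisms and then evaluates DMARC alignment and disposition for a message, including the whaling case where the attacker's own SPF passes but for the wrong domain. DNS is simulated with an in-memory table; the domains example.com, mailhost.example and attacker.example, the record contents, and the IP addresses are assumptions, and the SPF evaluator handles only the ip4 and include mechanisms.

```python
"""SPF resolution and DMARC alignment/disposition, step by step.

Added example; not from the original article and not a mail server's code.
DNS is simulated with an in-memory table; all domains and addresses are assumed.
"""
import ipaddress

# Constructed TXT records, as a resolver would return them.
DNS_TXT = {
    "example.com": "v=spf1 include:_spf.mailhost.example ip4:192.0.2.0/24 -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "attacker.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=r; aspf=r",
}


def spf_authorizes(domain, ip, depth=0):
    """Minimal SPF check: only ip4 and include mechanisms are handled (assumed subset)."""
    if depth > 10:                       # RFC 7208 lookup limit
        return False
    addr = ipaddress.ip_address(ip)
    for term in DNS_TXT.get(domain, "").split()[1:]:   # skip "v=spf1"
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return True
        if term.startswith("include:") and spf_authorizes(term[8:], ip, depth + 1):
            return True
    return False


def parse_dmarc(record):
    """Split 'tag=value; ...' into a dict and sanity-check the mandatory tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags


def org_domain(domain):
    """Organizational domain; assumes two labels (no Public Suffix List lookup)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') alignment compares organizational domains; strict ('s') is exact."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_result(from_domain, envelope_domain, sender_ip, dkim_domain=None):
    """Return (passes, action) for a message whose visible From: domain is from_domain.

    envelope_domain is the SMTP MAIL FROM domain that SPF checks, sender_ip the
    connecting host, dkim_domain the d= of a DKIM signature that verified (or None).
    """
    spf_domain = envelope_domain if spf_authorizes(envelope_domain, sender_ip) else None
    record = DNS_TXT.get("_dmarc." + from_domain) or DNS_TXT.get("_dmarc." + org_domain(from_domain))
    if record is None:
        return True, "none"              # no policy published: nothing to enforce
    tags = parse_dmarc(record)
    if (aligned(spf_domain, from_domain, tags.get("aspf", "r"))
            or aligned(dkim_domain, from_domain, tags.get("adkim", "r"))):
        return True, "none"
    policy = tags["p"]
    if from_domain.lower() != org_domain(from_domain):
        policy = tags.get("sp", policy)  # subdomain policy, if one is published
    return False, policy


if __name__ == "__main__":
    # Legitimate mail from the company's own relay: SPF passes and aligns.
    print(dmarc_result("example.com", "example.com", "192.0.2.10"))
    # Third-party sender: SPF passes only for its bounce domain, but DKIM d= aligns.
    print(dmarc_result("example.com", "bounce.mailhost.example", "198.51.100.7", "example.com"))
    # Whaling attempt: the attacker's SPF passes, but for attacker.example, not example.com.
    print(dmarc_result("example.com", "attacker.example", "203.0.113.5"))
```

The third case is the one that matters for whaling: a raw SPF pass proves nothing about the From header the victim reads, and only the alignment step turns "this server may send for attacker.example" into a reject for mail claiming to be from example.com.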
With these security measures in place, you can reduce the success rate of whaling attacks targeted at your organization's employees. However, this isn't all you can do, and it isn't all you need: SPF, DKIM, and DMARC only cover mail that claims to come from domains you control, and they do nothing against a lookalike domain the attacker registers or a webmail address with an executive's name in the display field. They say "education starts at home", so along with protocol implementation, make sure to spread awareness about common attack vectors among your employees.