What is a Whaling Attack?
By Nick Anderson 5 minutes
Cybercriminals are always cooking up new ways to target internet users. There can only be so much protection that you can install; unless you train yourself to identify scams, you will always be at risk. Whaling attack is dangerous because it can do more than just damage your relationship with your employer; it can cost your reliability in the professional space.
Any cyberattack where the intent is to steal information or trick you into transferring money relies on the authenticity of the perpetrator. The attacker tries to instill a sense of urgency that might make your forgo some basic verification protocols. What separates Whaling attack from some other attacks such Phishing is that the target. Let’s understand what that means.
Whaling Attack Explained
Let’s take an example. To catch fish from the sea, you drop a large net and hope to bait and catch fish. The purpose is to catch as many as you can with a single tool. But what if you want to catch a big fish? You willprepare better tools,know where the fish is likely to reside, and simply focus on that fish alone because it’s a bigger catch.
Whaling attack is similar. Where normal phishing attempts try to target a large number of people and hopethat at least one will fall victim, a Whaling Attack targets a single high-ranking individual such as the CEO, CFO or a Senior Manager of a company. It involves clever social engineering to fabricate an attack that looks convincing. The attacker will gather information available through mediums such as social media accounts and company’s websites, or any other source that may reveal tiny details about the individual.
Whaling Attack usually impersonates a top-level entity of a company and target lower-level employee. The attack could be used to either draw information on the company’s secrets, such as ongoing projects or ask for money transfers. Imagine an email from the CEO to an employee in the finance department requesting an immediate transfer of money. The email, which appears to come from the CEO, will include information that apprehends the logic of the victim.
How to Identify Attacks
The thing to remember about Whaling Attacks is that everything depends on the authenticity of attack; otherwise, it will not work,and the company will be alerted. The attacker will do everything, search every corner of the internet to craft an identity that appears legitimate.
One of the makeups of such an attack is the email address. The attack will use an email address that resembles closely with the person being impersonated.
- Instead of [email protected]
- The email address will read [email protected], [email protected], [email protected]
Only the company’s IT team has access and can create email addresses belonging to a private email extension. The only thing an attacker can do is use the closest match and hope that the subtle changes can go past unnoticed.
It’s not just emails from CEOs that target lower-level employees; it works the other way around too. Whaling Attack could target the CEO or the CFO to authorize a payment to the attacker’s account. Since this time the email is coming from CEO, the finance department would have little to doubt they are being played.
When it comes to fabricating a convincing email, everything counts. Targeting corporate workers requires a grasp of professional language; it wouldn’t be much of an attack if it looked unprofessional with a lot of grammatical mistakes.
The best protocol in such situations when money is concerned: always verify. Some attackers will combine an email with a phone call that verifies the delivery of the email, thus making it more convincing to the victim. If the email comes from the CEO, then verify in person or through a call. Similarly, if the email appears to come from a business partner regarding receivables, then verify with the finance department before signing off the transfer.
How Does Whaling Attack Differ from Spear Phishing?
Whaling Attack is Spear Phishing, in essence, but much more concentrated. It focuses on an individual as the target and gathers information for impersonation. Both rely on social engineering to fabricate techniques that seem legitimate to the target.
Spear Phishing focuses on a group of employees that are above the lower-level staff. Phishing refers to the fraudulent technique of targeting a large number of people. An example of Phishing is a password reset email, notifying that your account has been locked temporarily. The email would include a malicious link that takes you to a fake password reset form. Once you enter your old credentials as a requirement, the fields will deliver that information to the attacker.
As a more recent example, Coronavirus-related phishing attempts are tricking people into downloading malware by promising updates on COVID-19. These emails appear to come from trusted sources such as the CDC. An app alleges to provide a heatmap of infected people in your vicinity, but instead hits your device with a ransomware.
Keeping that in mind, Spear Phishing narrows the target down to a select group of people. And Whaling Attack narrows it further to a person. If done right, the attack can cause serious damage to the company that can account in millions, or it might install a backdoor in the system through a malicious link.
Whaling Attack preys on unsuspecting victims and hopes on the person’s lack of awareness. It is why employees should be trained to expect malicious emails or calls. There should be clear protocols for carrying out certain tasks, such as wiring a large sum of money or sharing confidential information. It should be a standard practice to never use unsecure Wi-Fi networks without encryption, something that a Secure VPN can help you achieve.