Whaling attacks

What is a Whaling Attack?

Whaling attacks, also known as CEO fraud, belong to the group of social engineering attacks. They differ from both phishing and spearphishing attacks: they have a more specific objective, and their victims tend to hold top positions at large organizations.

How are Whaling Attacks carried out?

Whaling attacks are often elaborate and thorough, with a great deal of research behind them. Both the sender and the receiver of the message are carefully chosen: receiving an email from the CEO is not the same as receiving one from a mid-level manager.

Before launching the attack, the hackers carefully study the person they are going to use as a “hook”. Having analyzed that person's social networks and all the public information available on the Internet, the hackers prepare an email that includes logos, corporate signatures and as many specific details as possible.

The emails are usually light (no attachments or links) and urge the victim to perform certain actions. Their ultimate purpose varies, from stealing money to obtaining confidential information or access to the corporate network.
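The characteristics just described (a trusted name as the apparent sender, a light message with no links or attachments, and pressure to act quickly and quietly) can be turned into a triage check on the receiving side. The following Python script is an added example written for this article, not code from the original post or from RITech. The company domain, the executive list, the pressure phrases and the two sample messages are all constructed assumptions; a real deployment would take them from the organization's directory and mail gateway.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Assumed organisation data (constructed for this example): the company's own mail
# domain and the executives whose names an attacker would most likely borrow.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",  # CEO
    "john roe": "john.roe@example.com",  # CFO
}

# Phrases typical of the "act now, tell nobody" pressure described in the article.
PRESSURE_PATTERNS = [
    r"\burgent(ly)?\b", r"\bimmediately\b", r"\basap\b", r"\bconfidential\b",
    r"\bwire\b", r"\btransfer\b", r"\bpayroll\b", r"\bin a meeting\b",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze(raw: str) -> dict:
    """Return whaling indicators for one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    addr, reply_addr = addr.lower(), reply_addr.lower()
    domain = addr.rsplit("@", 1)[-1]
    name = re.sub(r"\s+", " ", display).strip().lower()

    impersonation = []
    # 1. An executive's name in the display field, but not that executive's mailbox.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        impersonation.append(f"display name '{display}' used from {addr}")
    # 2. A sender domain that is not ours but is only one or two edits away from ours.
    if domain != INTERNAL_DOMAIN and edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        impersonation.append(f"look-alike domain {domain}")
    # 3. Replies silently redirected to a mailbox other than the visible sender.
    if reply_addr and reply_addr != addr:
        impersonation.append(f"Reply-To {reply_addr} differs from From {addr}")

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    pressure = [p for p in PRESSURE_PATTERNS if re.search(p, text, re.IGNORECASE)]

    # "Light" messages: no links and no attachments, the request itself is the payload.
    has_link = bool(re.search(r"https?://", text, re.IGNORECASE))
    has_attachment = any(
        part.get_content_disposition() == "attachment" for part in msg.walk()
    )
    light = not has_link and not has_attachment

    return {
        "impersonation": impersonation,
        "pressure": pressure,
        "light": light,
        # Impersonation evidence is the decisive signal; pressure wording and a
        # light message are supporting context for the analyst, not verdicts alone.
        "suspicious": bool(impersonation),
    }


# Constructed sample messages (not real mail): one whaling attempt, one benign note.
WHALING_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-example.net
To: finance@example.com
Subject: Quick favour

Hi, I'm in a meeting and can't talk. I need you to process a confidential wire
transfer immediately; details follow. Please handle it asap and keep it between us.
"""

BENIGN_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 summary

Could you send me the Q3 summary when you have a moment? Thanks.
"""

if __name__ == "__main__":
    for label, sample in (("whaling", WHALING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, analyze(sample))
```

The decisive signal is the mismatch between who the message claims to be from and where it actually comes from; urgency words and the absence of links or attachments are only reported as context, because a genuine executive may also write "urgent" and a plain-text request is not suspicious by itself. On a real gateway the same checks would sit alongside SPF, DKIM and DMARC results rather than replace them.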

Examples of Whaling Attacks 

Two of the most famous cases of this type of attack are:

  • Snapchat: the hacker pretended to be a senior manager to obtain confidential information about employees' payroll.
  • Mattel: the hacker tricked the finance director into making a transfer (the victim believed the order came from their superiors).

These cases are just two examples of a problem that, according to the FBI, has already cost companies more than 2,000 million euros in just three years.

The importance of this type of attack is such that the SANS Institute places it in their report “2017 Threat Landscape Survey: Users on the Front Line” among the main threats along with phishing and spearphishing.

How can we protect ourselves? 

Companies must raise awareness and educate their employees, but this guarantees nothing: the chances are very high that at some point someone will fall into the trap.

Beyond raising awareness about the danger of oversharing or giving general guidelines on how to act in the face of possible cyber-attacks, the only way to really guarantee the security of the corporate network is by eliminating the attack surface, and this is only possible with RITech. Discover how our isolation technology can help you protect your business against this and other web attacks.

Follow us on Twitter and LinkedIn to stay up to date with the latest news, and remember that you can also subscribe to our blog!