Whaling:

Start Your Business
Technology

The cyber attack targeting senior executives

Every business has heard of phishing attacks, the scam emails used by hackers to gain user credentials or financial information, but less well-known is ‘whaling’ – highly-targeted attacks aimed at the ‘big fish’ of an organisation.


Whaling is also known as CEO fraud. In a typical attack, a hacker masquerades as a senior member of a company and contacts employees, asking them to send urgent payments or sensitive information.

Cyber security experts are concerned that whaling is on the rise. Anthony Green, CTO of cyber security firm FoxTech, discusses this issue and explains how to spot a whaling attempt:

“In recent years there has been an increase in the scale and sophistication of whaling attempts. The UK Cyber Security Breaches Survey 2022 saw businesses report that impersonation attempts were the second most common type of breach or attack they had faced in the last 12 months, with phishing being the most common.

“While phishing emails are often indiscriminate and unresearched – making them easier to spot – whaling attacks can be personalised, convincing and easy to fall for. Hackers often spend weeks gathering information to create a believable impersonation – studying the language and communication style of their target and finding out which employees regularly respond to requests from that person, and wouldn’t be surprised to receive an urgent communication.”

How to recognise a whaling attack:

Emails are sent from a spoof domain name

Hackers will try to make whaling emails look as legitimate as possible, including company graphics and spoof email addresses that look real at first glance – but contain minor differences. Look out for added or removed full stops that do not follow your company norm, like john.smith@company.com becoming johnsmith@company.com. Another common tactic is using ‘r’ and ‘n’ together to look like an ‘m’ – so markbrown@company.com becomes rnarkbrown@company.com.

Whaling attacks are not always carried out via email. Hackers may claim to be a senior executive over platforms like text, WhatsApp or Slack. Be alert to messages from unknown numbers, and be wary of excuses such as a lost phone or deleted account.
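The two address tricks described above (dropped full stops, and ‘rn’ standing in for ‘m’) can also be checked automatically before a message reaches an employee. The following is an added example, not part of the original article: the staff directory, the function names and the extra confusable pairs (vv/w, 0/o, 1/l) are assumptions for illustration, and it generalises the check to the domain part as well.

```python
# Constructed staff directory (assumption): the addresses the company really uses.
KNOWN_SENDERS = {"john.smith@company.com", "markbrown@company.com"}

# Character sequences that render like another letter in many fonts.
# "rn" -> "m" is the article's case; the others are added assumptions.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def _fold(part: str, drop_dots: bool) -> str:
    """Collapse look-alike sequences; optionally ignore full stops."""
    for seq, repl in CONFUSABLES:
        part = part.replace(seq, repl)
    return part.replace(".", "") if drop_dots else part


def skeleton(address: str) -> str:
    """Reduce an address to a form in which look-alike spellings collide."""
    local, _, domain = address.strip().lower().rpartition("@")
    # Full stops are ignored only in the local part; in the domain they matter.
    return _fold(local, True) + "@" + _fold(domain, False)


# Map each known address's skeleton back to the real address.
SKELETONS = {skeleton(a): a for a in KNOWN_SENDERS}


def classify(sender: str):
    """Return ("known" | "lookalike" | "unknown", matched real address or None)."""
    addr = sender.strip().lower()
    if addr in KNOWN_SENDERS:
        return ("known", addr)
    match = SKELETONS.get(skeleton(addr))
    if match:
        # Not a real address, but it reads like one: the whaling pattern.
        return ("lookalike", match)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders, including the article's two examples.
    for s in ("John.Smith@company.com", "johnsmith@company.com",
              "rnarkbrown@company.com", "markbrown@cornpany.com",
              "jane.doe@company.com"):
        print(f"{s:28} -> {classify(s)}")
```

A "lookalike" result is a reason to hold the message for review, since an address that differs from a real one only by these substitutions is unlikely to be a coincidence.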

The message tries to make you act quickly

Hackers rely on victims feeling compelled to act immediately, and without consulting the person the message claims to be from.

Signs of urgency, such as marking the message as ‘important’ or ‘urgent’ in the subject line, a hurried tone, or demands for a quick payment, could all indicate that the demand is illegitimate.

They don’t want to speak on the phone

Be suspicious of any excuse regarding not being able to speak on the phone, such as lost signal, or being in a meeting, as this could be a sign that the communication is from a cyber criminal who doesn’t want to blow their cover.

Updated payment instructions are given

Whaling attacks will often involve the hacker giving an employee ‘updated payment instructions’, or making a request that money is sent to a different account for any reason. If a hacker has done their research, they may know about a real payment that is due to take place and use this information to make their request seem legitimate.

What should employees do in the event of a whaling attack?

Anthony comments:

“If you suspect an email is suspicious, do not respond. Instead, call the person the message claims to be from to confirm the legitimacy of the request. Do not proceed with any action until you have verbal confirmation. If you discover that the message was not legitimate, alert your entire company to the attack attempt, including all relevant details. Hackers will often target more than one employee so this can prevent someone else falling for the same attack.”

How to prevent a whaling attack:

“Strengthening your overall cyber security posture can help to prevent whaling attacks,” says Anthony. “Increase your email security by installing two-factor authentication and DMARC (an email spoofing protocol that stops the unauthorised use of an email domain). Many businesses also use a vulnerability management service to ensure any breach is identified as soon as it occurs. We also offer businesses an insight into the vulnerability of their domain with our free CyberRisk tool.”

“If a whaling email does get through your security measures, employees are the first line of defence. Ensure that staff are trained on how to deal with a whaling attack – the National Cyber Security Centre (NCSC) has a useful guide on how to deal with whaling. It is also a good idea to create a written company policy for how payments and sensitive data will be requested and sent, with a protocol for verbal confirmation – this makes it harder for an attacker to convince an employee that their request is legitimate.”

Start Your Business November 30, 2022
Copyright 2023 Gambit Interactive Media Limited – All Rights Reserved.
