The cyber attack targeting senior executives
Every business has heard of phishing attacks, the scam emails used by hackers to gain user credentials or financial information, but less well-known is ‘whaling’ – highly targeted attacks aimed at the ‘big fish’ of an organisation.
In a typical whaling attack, also known as CEO fraud, the attacker masquerades as a senior member of the company and contacts employees asking them to make an urgent payment or hand over sensitive information. The term is used both for attacks aimed at senior executives themselves and for attacks that impersonate them to their staff; the attacks described here are of the second kind.
Cyber security experts are concerned that whaling is on the rise. Anthony Green, CTO of cyber security firm FoxTech, discusses this issue and explains how to spot a whaling attempt:
“In recent years there has been an increase in the scale and sophistication of whaling attempts. The UK Cyber Security Breaches Survey 2022 saw businesses report that impersonation attempts were the second most common type of breach or attack they had faced in the last 12 months, with phishing being the most common.
“While phishing emails are often indiscriminate and unresearched – making them easier to spot – whaling attacks can be personalised, convincing and easy to fall for. Hackers often spend weeks gathering information to create a believable impersonation – studying the language and communication style of their target and finding out which employees regularly respond to requests from that person, and wouldn’t be surprised to receive an urgent communication.”
How to recognise a whaling attack:
Emails are sent from a spoof domain name
Hackers will try to make whaling emails look as legitimate as possible, including company graphics and spoofed sender addresses that look real at first glance but contain minor differences. Look out for added or removed full stops that do not follow your company’s naming convention, for instance first.last@example.com becoming firstlast@example.com. Another common tactic is using ‘r’ and ‘n’ together to imitate an ‘m’, so that example.com becomes exarnple.com. Expanding or hovering over the sender’s actual address, rather than trusting the display name, is usually enough to see the difference.
Whaling attacks are not always carried out by email. Hackers may claim to be a senior executive over text message, WhatsApp or Slack. Be alert to messages from unknown numbers or accounts, and be wary of excuses such as a lost phone or a deleted account, which are used to explain why the ‘executive’ is not contacting you through their usual channel.
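The address tricks described above (a full stop added or removed, and ‘rn’ standing in for ‘m’) can be caught mechanically before a message reaches an inbox. The Python below is an added example, not code from the article or from FoxTech: it reduces the sender domain of a From: header to a comparison key that ignores those tricks, checks it against the organisation’s real domains, and also flags an executive’s name attached to an unrelated external address, which goes slightly beyond the page’s own examples. The trusted domain, the executive name and the sample headers are all constructed for illustration.

```python
"""Spot lookalike sender domains and display-name impersonation in From: headers.

Added example, not code from the article or from FoxTech. The trusted domain,
executive name and sample headers below are constructed for illustration.
"""
import re
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}   # assumption: the organisation's own domains
EXECUTIVES = {"Alex Chen"}          # assumption: senior staff likely to be impersonated

# Character sequences that pass for another character at a glance; each is
# replaced by the character it imitates before domains are compared.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Reduce a domain to a key that ignores rn/m tricks and added or removed dots."""
    key = domain.lower()
    for fake, real in CONFUSABLES:
        key = key.replace(fake, real)
    return re.sub(r"[.\-]", "", key)


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS) -> str:
    """'trusted' for an exact match, 'lookalike' if it differs only by a visual trick."""
    domain = domain.lower()
    if domain in trusted:
        return "trusted"
    if skeleton(domain) in {skeleton(t) for t in trusted}:
        return "lookalike"
    return "external"


def assess_from_header(header: str, trusted=TRUSTED_DOMAINS, executives=EXECUTIVES) -> str:
    """Classify one From: header value.

    Returns 'trusted', 'lookalike', 'display-name-spoof' (an executive's name on
    an unrelated external address), 'external' or 'invalid'.
    """
    name, addr = parseaddr(header)
    if "@" not in addr:
        return "invalid"
    verdict = classify_domain(addr.rsplit("@", 1)[1], trusted)
    if verdict == "external" and name.strip().lower() in {e.lower() for e in executives}:
        return "display-name-spoof"
    return verdict


# Constructed sample headers: one genuine, three impersonation attempts, one supplier.
SAMPLE_FROM_HEADERS = [
    "Alex Chen <alex.chen@example.com>",
    "Alex Chen <alex.chen@exarnple.com>",     # 'rn' standing in for 'm'
    "Alex Chen <alexchen@exam.ple.com>",      # an extra full stop in the domain
    "Alex Chen <alex.chen.ceo@gmail.com>",    # real name on a free webmail address
    "Supplier Billing <accounts@supplier-invoices.net>",
]


def triage(headers=SAMPLE_FROM_HEADERS):
    """Return (header, verdict) pairs for every header that is not plainly trusted."""
    return [(h, v) for h in headers if (v := assess_from_header(h)) != "trusted"]


if __name__ == "__main__":
    for header, verdict in triage():
        print(f"{verdict:20} {header}")
```

The skeleton() comparison deliberately strips dots and hyphens so that a domain padded with an extra full stop collides with the genuine one; in a mail gateway the ‘lookalike’ and ‘display-name-spoof’ verdicts would drive a quarantine rule or a warning banner rather than a print statement.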
The message tries to make you act quickly
Hackers rely on victims feeling compelled to act immediately, and without consulting the person the message claims to be from.
Any sense of urgency, such as marking the message as ‘important’ or ‘urgent’ in the subject line, a hurried tone, or demands for a quick payment could all be a sign that the demand is illegitimate.
They don’t want to speak on the phone
Be suspicious of any excuse for not being able to speak on the phone, such as having no signal or being in a meeting; it may be a sign that the message comes from a cyber criminal who does not want to blow their cover.
Updated payment instructions are given
Whaling attacks will often involve the hacker giving an employee ‘updated payment instructions’, or making a request that money is sent to a different account for any reason. If a hacker has done their research, they may know about a real payment that is due to take place and use this information to make their request seem legitimate.
What should employees do in the event of a whaling attack?
“If you suspect an email is suspicious, do not respond. Instead, call the person the message claims to be from to confirm the legitimacy of the request. Do not proceed with any action until you have verbal confirmation. If you discover that the message was not legitimate, alert your entire company to the attack attempt, including all relevant details. Hackers will often target more than one employee so this can prevent someone else falling for the same attack.”
When calling back, use a number already on file or in the company directory rather than one supplied in the message; otherwise the ‘confirmation’ may come from the attacker.
How to prevent a whaling attack:
“Strengthening your overall cyber security posture can help to prevent whaling attacks,” says Anthony. “Increase your email security by installing two-factor authentication and DMARC (an email spoofing protocol that stops the unauthorised use of an email domain). Many businesses also use a vulnerability management service to ensure any breach is identified as soon as it occurs. We also offer businesses an insight into the vulnerability of their domain with our free CyberRisk tool.”
“If a whaling email does get through your security measures, employees are the first line of defence. Ensure that staff are trained on how to deal with a whaling attack – the National Cyber Security Centre (NCSC) has a useful guide on how to deal with whaling. It is also a good idea to create a written company policy for how payments and sensitive data will be requested and sent, with a protocol for verbal confirmation – this makes it harder for an attacker to convince an employee that their request is legitimate.”
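The advice above recommends DMARC, but publishing a DMARC record does not by itself stop spoofing: a record with p=none only asks receiving mail servers for reports, a pct value below 100 applies the policy to a fraction of failing mail, and sp=none leaves subdomains unprotected. The Python below is an added example, not FoxTech’s CyberRisk tool or any code from the article; it parses a DMARC TXT record and reports whether the record would actually enforce. The records are constructed; to check a real domain, fetch the TXT record at _dmarc.<domain> with dig or a DNS library and pass it to dmarc_verdict().

```python
"""Decide whether a DMARC TXT record would actually block a spoofed From: domain.

Added example, not code from the article or from FoxTech. The records below
are constructed; a real record lives in the TXT record of _dmarc.<domain>.
"""


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_verdict(record: str) -> tuple:
    """Return (verdict, reason); verdict is 'enforcing', 'partial', 'monitor-only' or 'invalid'."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return "invalid", "no v=DMARC1 and p= tags; receivers ignore the record"

    policy = tags["p"].lower()
    subdomain_policy = tags.get("sp", policy).lower()   # sp defaults to p
    try:
        pct = int(tags.get("pct", "100"))               # pct defaults to 100
    except ValueError:
        pct = 100

    if policy not in ("none", "quarantine", "reject"):
        return "invalid", f"unknown policy p={policy}"
    if policy == "none":
        return "monitor-only", "p=none only requests reports; spoofed mail is still delivered"
    if pct < 100:
        return "partial", f"p={policy} is applied to only {pct}% of mail failing alignment"
    if subdomain_policy == "none":
        return "partial", f"p={policy} protects the domain but sp=none leaves subdomains open"
    return "enforcing", f"p={policy} applies to all mail that fails SPF/DKIM alignment"


# Constructed records: the first three are common mistakes, the last is what you want.
SAMPLE_RECORDS = [
    ("monitor only",       "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    ("rollout never done", "v=DMARC1; p=reject; pct=25; rua=mailto:dmarc@example.com"),
    ("subdomains open",    "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@example.com"),
    ("correct",            "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
]


def audit(records=SAMPLE_RECORDS):
    """Return [(label, verdict, reason)] for each record."""
    return [(label, *dmarc_verdict(rec)) for label, rec in records]


if __name__ == "__main__":
    for label, verdict, reason in audit():
        print(f"{label:20} {verdict:13} {reason}")
```

DMARC only helps against exact-domain spoofing of your own domain; a lookalike domain registered by the attacker passes its own SPF and DKIM checks, which is why the sender-address checks earlier on this page still matter even with p=reject in place.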