Whale Phishing – 5 ways to protect yourself

Share on facebook
Share on twitter
Share on linkedin
Share on pocket

Whale phishing is a phishing scam attack that targets the ‘big fish’ in an organisation; the senior executives and other people with access to highly valuable or sensitive information. The scam lures them to share valuable information or transfer funds into an account managed by the cyber criminal.

Cybercriminals use spymail to gather important information about their ‘big fish’ before they attack. The spymail contains tracking codes that return information to the sender. The person under attack has no idea the information is being collected.

While spam filters and email antivirus have been standard since the late 1990s, they won’t necessarily protect you from a whale-phishing scheme. What you need is an advanced technology solution coupled with cybersecurity policies and training.

Provide special training for people at risk

It’s important to provide all staff with email security training. However, senior executives and other people with access to highly valuable information require additional special training. This will help them to identify a malicious email and verify the sender. It will also raise awareness of their exposure to risk.

One Level of Security is Never Enough

Cybercriminals are sophisticated. In order to combat them, you need sophisticated multi-layer security systems. Senior executives may unintentionally let their guard down when traveling or accessing emails at home after a long day. Your security solutions need to reach outside the office and nine to five setting.

Revisit Your Fund Transfer Procedures

Many whale-phishing scam attacks are centred on the senior executive transferring funds, so it’s time you revisited your fund transfer procedures. As a minimum, establish a process that requires all transfers to be processed through a secure portal with two-factor authentication.

Implement anti-spymail protection.

Anti-spymail solutions can limit the amount of information an attacker can collect, making it difficult for a cyber criminal to perfectly time a credible attack.

Stay Flexible

Cybercriminals are changing their approach daily. For this reason, your approach to cybersecurity, and your policies needs to remain flexible. Stay alert and be prepared to make a change at any time.

If you need any assistance with your cyber security strategy or any help around cyber security please call us on 1300 478 738 or email us at info@suretyit.com.au.

Find out how we can help with your IT challenges.
Talk to us today 1300 478 738 or Email

Subscribe for the latest industry news, updates and advice.

About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top