Whale Phishing – 5 ways to protect yourself

Whale phishing is a phishing scam attack that targets the ‘big fish’ in an organisation; the senior executives and other people with access to highly valuable or sensitive information. The scam lures them to share valuable information or transfer funds into an account managed by the cyber criminal.

Cybercriminals use spymail to gather important information about their ‘big fish’ before they attack. The spymail contains tracking codes that return information to the sender. The person under attack has no idea the information is being collected.

While spam filters and email antivirus have been standard since the late 1990s, they won’t necessarily protect you from a whale-phishing scheme. What you need is an advanced technology solution coupled with cybersecurity policies and training.

Provide special training for people at risk

It’s important to provide all staff with email security training. However, senior executives and other people with access to highly valuable information require additional special training. This will help them to identify a malicious email and verify the sender. It will also raise awareness of their exposure to risk.

One Level of Security is Never Enough

Cybercriminals are sophisticated. In order to combat them, you need sophisticated multi-layer security systems. Senior executives may unintentionally let their guard down when traveling or accessing emails at home after a long day. Your security solutions need to reach outside the office and nine to five setting.

Revisit Your Fund Transfer Procedures

Many whale-phishing scam attacks are centred on the senior executive transferring funds, so it’s time you revisited your fund transfer procedures. As a minimum, establish a process that requires all transfers to be processed through a secure portal with two-factor authentication.

Implement anti-spymail protection.

Anti-spymail solutions can limit the amount of information an attacker can collect, making it difficult for a cyber criminal to perfectly time a credible attack.

Stay Flexible

Cybercriminals are changing their approach daily. For this reason, your approach to cybersecurity, and your policies needs to remain flexible. Stay alert and be prepared to make a change at any time.

If you need any assistance with your cyber security strategy or any help around cyber security please call us on 1300 478 738 or email us at info@suretyit.com.au.

Contact Us

This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing.His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow.After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need.His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder.His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top