Whale phishing is a phishing attack that targets the ‘big fish’ in an organisation: the senior executives and other people with access to highly valuable or sensitive information. The scam lures them into sharing valuable information or transferring funds into an account managed by the cybercriminal.
Cybercriminals use spymail to gather important information about their ‘big fish’ before they attack. The spymail contains tracking codes that return information to the sender. The person under attack has no idea the information is being collected.
While spam filters and email antivirus have been standard since the late 1990s, they won’t necessarily protect you from a whale-phishing scheme. What you need is an advanced technology solution coupled with cybersecurity policies and training.
Provide Special Training for People at Risk
It’s important to provide all staff with email security training. However, senior executives and other people with access to highly valuable information require additional special training. This will help them to identify a malicious email and verify the sender. It will also raise awareness of their exposure to risk.
One Level of Security is Never Enough
Cybercriminals are sophisticated. To combat them, you need sophisticated multi-layered security systems. Senior executives may unintentionally let their guard down when travelling or accessing emails at home after a long day. Your security solutions need to reach beyond the office and the nine-to-five setting.
Revisit Your Fund Transfer Procedures
Many whale-phishing attacks are centred on the senior executive transferring funds, so it’s time you revisited your fund transfer procedures. As a minimum, establish a process that requires all transfers to be processed through a secure portal with two-factor authentication.
Implement Anti-Spymail Protection
Anti-spymail solutions can limit the amount of information an attacker can collect, making it difficult for a cybercriminal to perfectly time a credible attack.
Cybercriminals are changing their approach daily. For this reason, your approach to cybersecurity and your policies need to remain flexible. Stay alert and be prepared to make a change at any time.
If you need assistance with your cybersecurity strategy, or any other help with cybersecurity, please call us on 1300 478 738 or email us at email@example.com.