Whaling is a common term used to describe the hunting of whales for the oil that their blubber produces. In Las Vegas, the term "whale" is used to describe gamblers who are prepared to bet large sums of money at the casinos. When it comes to cyber threats, whaling attacks pose a unique risk to business executives. Keep reading to learn what whaling attacks are and how you can prevent them.
What is a Whaling Attack?
While the term whaling refers to the type of victim that's targeted, phishing is the method used to carry out a whaling attack. Phishing, a form of social engineering, involves fraudulently attempting to gain access to a victim's personal accounts by tricking them into providing personal information or clicking on a malware link.
The most common phishing technique, which is heavily used to carry out whaling attacks, takes place over email.
For instance, imagine receiving an email that looks like it's from your bank telling you that you need to click a link and log into your account right now to address some errors, or you'll temporarily lose access to your account.
In reality, this email is from a hacker pretending to be your bank, and instead of leading to your banking website, when you click the link you actually download malware onto your computer, which gives a hacker a backdoor into your network and all your personal accounts.
These attacks purposely instill a sense of fear and urgency in victims so they act quickly without thinking. In the scenario above, threatening the suspension of bank account access without immediate action instills both.
C-level employees and owners are great targets because they often have tremendous amounts of sensitive data stored in accounts such as their email. An executive's email can contain data such as logins to company accounts, for instance HR management systems.
If a hacker gains access to your HR platform, they can view employee Social Security numbers. Imagine all the other platforms an executive may have access to that could put an entire company's privacy at risk and then you'll see why hackers love to target executives.
What Can Be Done?
By recognizing the unique threat that a whaling attack poses, businesses can take steps to secure not only an executive's account, but the entire company's network as well. Expansive protection is necessary because all it takes is one weak link for a company's data to be breached.
So, what can be done?
Companies that are serious about protecting their sensitive data often turn to cyber security training programs. These programs re-create real-world cyber attack scenarios by sending fake phishing emails to all employees.
Those who click on the link in the email are immediately sent to cyber security training and taught about ways to avoid falling for fraudulent email schemes.
Cyber security training seminars can also be used to educate employees about how to create a secure account login and about best practices when conducting business online.
For some quick tips on avoiding email phishing attempts, check out the graphic below.
If your company doesn't have the resources to hold cyber security education seminars or effectively manage your network security in-house, consider managed IT services.
Besides educating employees about cyber security, a managed service provider (MSP) takes security a step further by analyzing your network infrastructure for weak spots, installing various layers of hardware and software, and addressing any threats that pop up.
Companies need to be diligent about implementing policies to prevent whaling attacks, because one wrong click could send your company out of business.
Posted by Erica Kastner
Erica Kastner is a lead Content Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their network infrastructure.