Express Computer

Delving into CEO Scams or Whaling Attacks: How to Identify and Avoid These Targeted Phishing Scams


By Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies

According to CERT-In reports, the number of phishing incidents has been on the rise in India, with 2022 seeing a 230% increase in phishing attacks. These attacks grew threefold in 2022 compared to the year prior, from 523 recorded in 2021 to 1,714 in 2022.

In September last year, an official from the Serum Institute of India (SII), a leading pharmaceutical company, fell victim to a sophisticated phishing attack known as whale phishing. The perpetrators, posing as the company’s CEO, Adar Poonawalla, contacted the official via WhatsApp and instructed them to transfer a significant sum of money, over Rs 1 crore, to several bank accounts. Believing the message to be authentic, the official executed the fraudulent transactions, unknowingly transferring the funds into the hands of the cybercriminals. Upon realizing the scam, the company promptly alerted the Pune police and filed a complaint.

In a landscape of evolving cyber threats, phishing attacks continue to cause devastating consequences for organizations around the world. It’s well known that 91% of cyber attacks stem from phishing, so why do companies still fall victim to it?

Hackers are becoming more intelligent and are crafting new ways to deliver their phishing payloads. There’s one variation in particular that’s more dangerous than the rest. Enter a more sinister and targeted version of phishing that flies under the radar – the whaling attack.

A whaling attack: Explained

Whaling attacks, also known as “whale phishing,” take their name from the concept of “fishing for whales.” In this example, a “whale” refers to a high-profile target within a company, such as a CEO, CFO or other top-level executive. In contrast with a generic phishing attack, which casts a wide net and is less targeted, whaling attacks are highly focused and personalized. As a result, they often yield a higher success rate than other types of attacks.

Common objectives of whaling attacks include tricking the victim into giving up personal details or sending large sums of money.

Characteristics of a whaling attack

In a whaling attack, there are several characteristics which distinguish it from a general phishing attack. These include:

Targeted victims: Hackers carefully research their targets. They scour the web for information on where the targets live, what their social media profiles look like, and other sensitive information that only a close confidant may know.

Personalization: Threat actors use sensitive information that they’ve gathered to craft convincing, tailored emails, text messages, or phone calls. In some cases, threat actors will use deepfakes – software that enables them to fake the voice or even video of the target – to convince a decision-maker to hand over sensitive information or wire millions of dollars.

Spoofing: Attackers employ advanced techniques to spoof email addresses and domains, making it appear as though the email is coming from a trusted source within the company.

Deceptive content: Whaling emails often contain psychological triggers, such as fake urgent requests for wire transfers, requests for access to confidential data, or other requests for high-impact actions. Threat actors use social engineering to trick their targets into falling for these tactics.
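The spoofing and deceptive-content traits above can be turned into simple header and text checks. The following is an added example, not part of the original article; the organisation domain, executive names, pressure phrases and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: your own domain, executive roster and phrases.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"asha rao", "vikram mehta"}
PRESSURE_TERMS = ("urgent", "wire transfer", "confidential", "immediately")

# Constructed sample messages (not real mail).
SUSPICIOUS = """\
From: Asha Rao <asha.rao@examp1e-mail.test>
Reply-To: payments@other.test
Subject: Urgent: wire transfer today

Please process this immediately and keep it confidential.
"""
ROUTINE = """\
From: Asha Rao <asha.rao@example.com>
Subject: Q3 board deck

Draft attached for review.
"""

def whaling_indicators(raw_message: str) -> list[str]:
    """Return the whaling indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    findings = []
    # Spoofing: an executive's name on an address outside the organisation.
    if display.lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        findings.append("executive-name-external-address")
    # Spoofing: replies are steered to a different domain than the sender's.
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-domain-mismatch")
    # Deceptive content: urgency or payment pressure in subject or body.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(term in text for term in PRESSURE_TERMS):
        findings.append("pressure-language")
    return findings
```

Indicators like these are triage signals for a mail filter or analyst queue; a message that trips several at once is the kind that should go through the out-of-band verification step before anyone acts on it.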

Prevent whaling attacks

If you want to defend against whaling attacks, you’ll need a combination of technical and people-focused strategies. These include:

Employee training. Ensure that employees at all levels of the company undergo cyber security awareness training so that they know about phishing attacks, whaling attacks and other threats.

Multi-factor Authentication (MFA). Implement MFA to add an extra layer of security in order to protect against email phishing threats.

Email authentication. Implement email authentication protocols like DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and improve the security of your email communication.

Email filtering. Utilize advanced email filtering solutions to identify and quarantine any potential phishing or whaling threat. This feature can analyze email content, sender reputation, and other indicators of a whaling attack.

Verification procedures. Establish strict verification processes for high-value transactions or requests. For example, employees should confirm requests such as wire transfers with the purported sender through an alternative communication channel.

Whaling attacks are a sophisticated and highly targeted form of phishing that poses a significant threat to organizations, especially since they target high-profile employees. By understanding what whaling attacks look like and implementing preventive measures, companies can reduce the risk of falling victim to these scams.
