Social engineering attacks are among the biggest threats to organizations’ cybersecurity. Over the years, these attacks have evolved and become more sophisticated. One such attack is the whaling phishing attack. Whaling is a type of social engineering attack that is highly dangerous and damaging for organizations. Whaling attacks can cause financial loss, data loss, brand damage, disruption of operations, and much more.
What is a Whaling Attack?
Whaling is a type of phishing attack in which threat actors target renowned, wealthy, or high-profile individuals such as C-suite executives and celebrities, who are regarded as the “whales.” Cybercriminals often try to use the information acquired from these whales to extort money or to pressure them into handing over more confidential information.
According to the FBI, organizations around the world lost over $215 million in 2014 due to phishing email attacks.
In other words, a whaling attack is similar to a business email compromise (BEC) attack, where attackers impersonate C-suite executives to lure other employees into revealing information or making transactions. In the same way, threat actors lure someone who is important and deceive them into revealing sensitive information in order to extort huge amounts of money from the victims.
How Does Whaling Phishing Work?
The fundamental step of a whaling attack is research. Threat actors carry out extensive research on the target to gather information they can use to craft a phishing email that impersonates someone the target trusts. The research includes exploring the victim’s social media profiles, connections, and so on.
Then they create a spoofed email from an impersonated email address to carry out the phishing attack. The threat actors may also include the organization’s corporate logos and use lookalike domains to make the email appear more trustworthy.
Such emails contain a link to a phishing or fake website, where the target is asked to provide credentials, bank account details, or other confidential information. The attackers use this information to steal data or infect the system with malware. Once they have the data, they can use it to extort money.
Cybercriminals use the following three main approaches and tactics to carry out whaling attacks:
- Whaling emails from impersonated colleagues
- Whaling through social media
- Whaling phishing emails and confirmation phone calls
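The impersonation techniques described above (a trusted colleague’s display name on a foreign address, a lookalike domain, a redirected Reply-To, and an urgent request) leave traces in message headers that a mail gateway or SOC analyst can check. The following Python script is an added example, not code from the original article or from Threatcop: it applies those checks to two constructed messages. The corporate domain `example.com`, the executive roster, and the keyword list are assumed inputs for the demonstration.

```python
"""Added example (not from the original article): heuristic checks that flag
whaling-style impersonation in an inbound email. All names, domains and
messages are constructed; 'example.com' is the assumed corporate domain."""
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                          # assumed corporate domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}    # assumed roster: display name -> real address
URGENCY = ("urgent", "immediately", "wire", "confidential", "asap")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _fold(s: str) -> str:
    # Collapse common homoglyph substitutions seen in lookalike domains.
    for a, b in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")):
        s = s.replace(a, b)
    return s


def _edit_distance(a: str, b: str) -> int:
    # Plain Levenshtein distance; small inputs, so a simple DP is fine.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_alike(domain: str, target: str = CORP_DOMAIN) -> bool:
    """True if `domain` imitates `target` (homoglyphs or a one-character edit)."""
    domain, target = domain.lower(), target.lower()
    if domain == target:
        return False
    return _fold(domain) == _fold(target) or _edit_distance(domain, target) <= 1


def analyze(raw: str) -> list[str]:
    """Return human-readable findings for one RFC 822 message string."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    findings = []

    # 1. Display name of a known executive paired with a different address.
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        findings.append(f"display name '{name}' matches an executive but address is {addr}")

    # 2. Sender domain imitates the corporate domain.
    if looks_alike(from_dom):
        findings.append(f"sender domain {from_dom} is a lookalike of {CORP_DOMAIN}")

    # 3. Replies are silently routed to a different domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        findings.append(f"Reply-To domain {_domain(reply)} differs from From domain {from_dom}")

    # 4. Pressure language typical of payment-fraud requests.
    subject = msg.get("Subject", "").lower()
    hits = [w for w in URGENCY if w in subject]
    if hits:
        findings.append(f"urgency/financial keywords in subject: {', '.join(hits)}")
    return findings


# Constructed sample messages for the demonstration.
SUSPICIOUS = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: ceo-office@mail-relay.example.net
Subject: URGENT wire transfer needed before 5pm
To: cfo@example.com

Please process the attached invoice immediately.
"""

BENIGN = """From: Jane Doe <jane.doe@example.com>
Subject: Q3 planning notes
To: cfo@example.com

Attached are the notes from today's meeting.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, analyze(raw) or ["no findings"])
```

Each finding on its own is weak evidence; a payment request should be held for out-of-band verification when several of them coincide, and the roster lookup in step 1 is the check that catches the “email from the CEO” pattern in the incidents described below.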
Notable Whaling Attacks
Levitas Capital Targeted Through Fake Zoom Link
In late 2020, an Australian hedge fund, Levitas Capital, fell victim to a whaling attack. The co-founder of the company received a fake Zoom link that infected the network and systems with malware. The threat actors generated fake invoices, incurring financial damage of $8.7 million, although they had received only $800,000 by the time the attack was discovered. The reputational damage to the company was so severe that it led to the shutdown of the organization.
Aerospace Company FACC Suffered a $58 Million Loss
FACC is an Australian aerospace company that fell victim to a whaling attack. In this attack, the cybercriminals impersonated an executive or finance officer and demanded the transfer of $58 million. The threat actors carried out a phishing email campaign after spoofing the company’s domain, asking victims to make transactions under the subject line “urgent transaction.” Later, several employees and the CEO of the company were fired for their involvement in the attack.
Snapchat Lost Payroll Information in a Whaling Attack
Snapchat fell victim to a whaling attack in 2016. The HR department received an email impersonating the CEO, asking for the payroll information of employees. In response to the request, someone in the HR department disclosed the payroll information of a number of current and former employees of the company. Within a few hours, the attack was confirmed and reported to the FBI. Once the affected employees had been identified, they were offered two years of free credit monitoring and identity-theft insurance.
How Is Spear Phishing Different from Whaling?
The concept of phishing is to bait or lure targets with something such as a reward so that they click on phishing links and give up their confidential data or credentials. Phishing can be carried out in various ways, such as by voice (vishing), text message (smishing), email, etc. Spear phishing and whaling are types of phishing with certain specific characteristics and applications.
Spear phishing is a type of cyber attack in which threat actors carry out targeted attacks on individuals. A whaling attack is also a targeted phishing attack. The main difference is the target: whaling goes after high-value individuals from whom the threat actors expect a large financial gain, whereas spear phishing can target any individual.
How Can Enterprises Combat Whaling Attacks?
Organizations face the biggest consequences from data loss during whaling attacks. These attacks not only disrupt the daily operations of the organization but also incur financial damage. Whaling attacks also lead to reputational damage for individuals and organizations. The following measures help prevent whaling attacks.
Incorporate a Verification Process
Every organization needs a mechanism for verifying the data or transaction being requested in an email. The process can involve verifying the requested data transfer or transaction out of band, for example through a phone call or another medium.
Cybersecurity Awareness Training
Employees are the first targets of cyber attacks. Every organization must ensure it trains and educates its employees to prevent phishing attacks. Cybersecurity awareness training educates employees about the different attack vectors and how to defend against them.
Implement a Security Policy for Social Media
Every individual uses different social media platforms. They need to be vigilant about what information they share on those platforms and about whom they are communicating with. At the same time, organizations need to set standard policies that guide employees not to share professional or work-related details on social media.
Phishing Incident Response Tool
A phishing incident response tool is used to report suspicious emails. Every employee must be vigilant about the emails landing in their inbox. If they find a suspicious email, they can report it instantly through a tool such as TPIR.
Implement Security Measures
Organizations can employ other security measures, such as email security controls, to make sure their outbound and inbound emails are risk-free. The organization must deploy the email authentication protocols SPF, DKIM, and DMARC so that its outbound emails can be authenticated by recipients. Implementing these protocols prevents cybercriminals from spoofing the organization’s domain to send phishing emails that ask employees for confidential information or instruct them to make financial transactions.
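Whether SPF and DMARC actually stop domain spoofing depends on how they are configured: an SPF record ending in `+all` or `?all` authorizes any host, and a DMARC record with `p=none` only reports spoofing without rejecting it. The following Python script is an added example, not code from the original article or from Threatcop: it evaluates constructed SPF and DMARC TXT records, showing a weak configuration beside the corrected one. The record strings stand in for DNS lookup results, and `example.com` is an assumed domain. Note that these protocols protect only the exact domain they are published for; lookalike domains and display-name impersonation need separate checks.

```python
"""Added example (not from the original article): flag weak SPF and DMARC
settings in a domain's TXT records. Records are constructed strings standing
in for DNS answers; 'example.com' is an assumed domain."""


def check_spf(record: str) -> list[str]:
    """Return a list of weaknesses in an SPF record (empty means acceptable)."""
    issues = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        issues.append("no 'all' mechanism: unlisted senders get a neutral result")
        return issues
    last = all_terms[-1]
    qualifier = last[0] if last[0] in "+-~?" else "+"   # "all" alone means "+all"
    if qualifier in "+?":
        issues.append(f"'{last}' lets any host send as the domain")
    return issues


def check_dmarc(record: str) -> list[str]:
    """Return a list of weaknesses in a DMARC record (empty means acceptable)."""
    issues = []
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    policy = tags.get("p", "none").lower()
    if policy == "none":
        issues.append("p=none: spoofed mail is only reported, never rejected")
    elif policy == "quarantine":
        issues.append("p=quarantine: spoofed mail is sent to spam instead of rejected")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        issues.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports to detect spoofing attempts")
    return issues


def is_spoof_resistant(spf: str, dmarc: str) -> bool:
    """True only when both records are free of the weaknesses checked above."""
    return not check_spf(spf) and not check_dmarc(dmarc)


# Constructed records: a weak configuration and its corrected form.
WEAK_SPF = "v=spf1 ip4:192.0.2.0/24 ?all"
STRONG_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("strong", STRONG_SPF, STRONG_DMARC)):
        print(label, check_spf(spf) + check_dmarc(dmarc) or ["no issues"],
              "spoof-resistant:", is_spoof_resistant(spf, dmarc))
```

In practice the records would come from a DNS TXT lookup of the domain and of `_dmarc.<domain>`; the checks themselves are the same. Moving from `p=none` to `p=reject` should be done only after the aggregate reports delivered to the `rua` address show that all legitimate senders pass SPF or DKIM alignment.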
Whale Phishing is a Huge Threat: Empower Employees
Whaling phishing attacks are already a major source of concern for businesses all over the globe. Every year, many organizations fall victim to this sophisticated phishing attack. To prevent such cyber threats, organizations need to empower their employees. They need to turn the first line of defense into the strongest line of defense through Threatcop Security Awareness Training. Additionally, organizations should employ the Threatcop Phishing Incident Response Tool to give employees a way to report suspicious emails.