Cybercrime is one of the fastest growing crimes in the world, and email whaling attacks are on the rise. According to research by email management company Mimecast, 55% of 442 IT companies surveyed in South Africa, the US, UK and Australia saw rises in whaling attacks over the last three months of 2015.
But what is whaling?
Whaling or spear phishing attacks are scams targeted at organisations, to get confidential information. Attackers create spoof emails that appear to be sent from the CEO or CFO for example, to trick the recipient to transfer funds, or click on a link which will gather information. These criminals are extremely sophisticated and the spoof emails look completely legitimate, making them very difficult to detect. Speaking at the event, Mimecast Customer Experience Manager Christelle van der Merwe, said the average company takes 229 days before they realise they have been breached.
How it works
- Scammers will usually do their research on social media sites like LinkedIn to get the personal information of the person they are impersonating as well as the victims of the attack
- The scammer sends a personalised spoof email to someone in senior management. The email looks completely legitimate and appears to come from the CEO or another trustworthy source.
- The email usually requires urgent action and instructs the recipient to transfer funds or follow a link to a fake website which may ask you to enter confidential company information, passwords or financial information
Red Flags
- Check the email address and domain names, these will be similar, but not identical
- Never enter your password to any site if directed from an email
- If an email from an external company seems even slightly unusual, call the office of that company to verify it was in fact sent from there
- Cyber criminals go for emotional triggers, be wary of emails alerting you of a prize, a bonus or refund due to you.
- You need to know when to click a link and when to delete it. You need to browse your emails will a smart eye.
Cyber criminals are becoming smarter, more organised and sophisticated. Companies like Mimecast are developing tools and that will help businesses build a Human Firewall. Targeted Threat Protection is intuitive, and when coupled with training, probably one of the strongest defenses available.
The training involves teaching you simple tricks, such as checking the URL, for example instead of ‘sars’ it may say ‘sar’. It is important that business decision makers do their part by educating employees about the dangers of sharing personal information using a malicious link.
Cybercrime is a serious threat, we all need to be more vigilant and think before we click
Mimecast was a speaker at an event attended by the staff of DUO Marketing, and is not a client of the company
