Whaling: A Phishing Attack Targeting Your Executives

Almost everyone has seen a phishing email and knows what one looks like: the fake notice about an Amazon package that wasn’t delivered when you haven’t ordered anything from Amazon recently, or the email from your uncle Jim, supposedly stuck in another country and needing money wired immediately, when you know Jim never left home. But have you heard of whaling attacks?

What is a whaling phishing attack?

Whaling is a specific kind of spear phishing attack that targets key personnel in an organization, such as the CEO or CFO. The term “whaling” is meant to make you think of the biggest fish. Attackers in these scenarios often conduct considerable research on their targets, typically from public sources such as the corporate website, press releases and social media, then wait for the right moment to set the bait and steal login credentials, trigger a fraudulent payment, or extract other sensitive information.

Why are executives targeted?

This kind of phishing is particularly dangerous because senior executives differ from the rest of the organization in ways that matter to an attacker. It’s not just that their office may be a little bigger: executives often hold elevated privileges and can approve payments or access proprietary information about the business or its employees. Despite this elevated access, we sometimes find that executives have fewer technical controls and less cybersecurity training than the average staff member, because they are granted exceptions that other people are not.

What can we do to protect ourselves?

Here are five things you can do to protect your business from whaling:

  1. Ensure all employees, even executives, go through security awareness training and testing. While executives may ask to be exempt from these trainings or phishing tests, they are probably the most important people to train.
  2. Verify requests for money or sensitive information through a second channel. Before acting on an email that asks for a payment, credentials or confidential data, call the sender on a number you already have on file (not one taken from the email), or log in to the relevant account directly rather than through a link in the message.
  3. Implement email scanning and filtering to inspect inbound messages for malicious attachments or links, sender impersonation and lookalike domains. This technology is not 100% accurate, but it can stop many attacks before they ever reach an executive’s inbox.
  4. Use Security Operations Center (SOC) and Security Information and Event Management (SIEM) monitoring to identify unusual behavior or activity on your network and in your executives’ accounts, such as logins from unfamiliar locations, newly created mailbox forwarding rules, or unusual payment approvals.
  5. Require multi-factor authentication (MFA). MFA will not stop an executive from being phished, but it limits the damage if a password is compromised. Keep in mind that one-time codes and push prompts can still be relayed by a real-time phishing proxy, so phishing-resistant methods such as FIDO2 security keys are the better choice for high-value accounts.
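To make items 3 and 4 concrete, here is a small triage script that scores one inbound message for the signals a whaling lure usually carries: a display name that matches an executive but a mailbox that does not, a lookalike sender domain, a Reply-To that diverts replies elsewhere, a DMARC/SPF failure reported by the gateway, and payment or urgency language. This is an added example, not code from the original article or from CoNetrix; the organization domain (example.com), the executive roster and the four sample messages are all constructed for the demo.

```python
"""Triage inbound mail for executive-impersonation (whaling) signals.

Added example, not the article's or CoNetrix's code. The org domain,
roster and sample messages below are constructed for demonstration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the protected organization's domain

# Phrases that commonly accompany payment or credential lures; tune per organization.
LURE_TERMS = ("wire", "urgent", "gift card", "confidential", "invoice", "password")


def normalise_name(name: str) -> str:
    """Lower-case, drop punctuation and sort tokens so 'Doe, Jane' == 'Jane Doe'."""
    return " ".join(sorted(re.findall(r"[a-z]+", name.lower())))


# Constructed roster: executive display name -> the mailbox they really send from.
ROSTER = {
    normalise_name(name): mailbox
    for name, mailbox in {
        "Jane Doe": "jane.doe@example.com",
        "Sam Lee": "sam.lee@example.com",
    }.items()
}


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches lookalikes such as examp1e.com vs example.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def whaling_signals(raw_message: str) -> list[str]:
    """Return the impersonation signals found in one RFC 5322 message (empty = clean)."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = domain_of(from_addr)
    signals = []

    # 1. Display name belongs to an executive but the mailbox is not theirs.
    expected = ROSTER.get(normalise_name(from_name))
    if expected and from_addr != expected:
        signals.append("display_name_impersonation")

    # 2. Sender domain is a near miss of our own domain.
    if from_domain and from_domain != ORG_DOMAIN and edit_distance(from_domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike_domain")

    # 3. Replies would go somewhere other than the apparent sender's domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        signals.append("reply_to_mismatch")

    # 4. The gateway's Authentication-Results header (RFC 8601) reports a failure.
    auth = msg.get("Authentication-Results", "").lower()
    if "dmarc=fail" in auth or "spf=fail" in auth:
        signals.append("auth_failure")

    # 5. Payment / urgency language in the subject or a plain-text body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(term in text for term in LURE_TERMS):
        signals.append("lure_language")
    return signals


# Constructed sample messages (webmail.example and examp1e.com are made up).
SAMPLE_DISPLAY_NAME = """\
From: "Jane Doe" <jane.doe.ceo@webmail.example>
Reply-To: jane.doe.ceo@webmail.example
To: cfo@example.com
Subject: Urgent wire needed today
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=webmail.example; dmarc=none

Are you at your desk? I need a wire sent before 3pm. Keep this confidential.
"""
SAMPLE_LOOKALIKE = """\
From: Sam Lee <sam.lee@examp1e.com>
To: accounts@example.com
Subject: Invoice approval
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=pass header.from=examp1e.com

Please approve the attached invoice.
"""
SAMPLE_SPOOFED = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: jane.doe@webmail.example
To: cfo@example.com
Subject: Quick favour
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com

Can you buy some gift cards for the team? I'll reimburse you.
"""
SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: cfo@example.com
Subject: Board deck
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com

Slides for Thursday are in the shared folder.
"""

if __name__ == "__main__":
    for label, sample in [("display-name", SAMPLE_DISPLAY_NAME), ("lookalike", SAMPLE_LOOKALIKE),
                          ("spoofed", SAMPLE_SPOOFED), ("legit", SAMPLE_LEGIT)]:
        print(f"{label}: {whaling_signals(sample) or 'no signals'}")
```

Any message with a display-name or lookalike hit is worth holding for review regardless of the other signals; the lure-language check on its own is noisy and is only useful in combination. The same signals, emitted as events, are what a SIEM rule for item 4 would alert on, alongside account-side indicators such as new forwarding rules.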

What if I fall victim to a whaling phishing attack?

If you believe you may have inadvertently clicked a link or opened an attachment from a phishing email, there are several steps you can take immediately to help mitigate the damage.

  1. Disconnect your computer from the network and/or the internet. This can help stop any possible malware from downloading or spreading.
  2. Alert your IT or cyber team immediately. This allows your team to review logs, analyze the attack, and take appropriate steps to stop and reduce the damage of the attack.
  3. Ensure your computer or mobile device has not been compromised. Your IT team may do this by running anti-malware scans, reviewing logs, or rebuilding the device.
  4. Change passwords for potentially compromised or highly sensitive accounts, and have your IT team revoke active sessions and tokens as well, since a password change alone may not sign out an attacker who is already logged in.
  5. Report the whaling phishing attack to key partners or government agencies as applicable.

About the author

Russ Horn is the President of CoNetrix, a premier information technology consulting and cybersecurity testing company. To learn more about CoNetrix, visit www.conetrix.com