Whaling
A phishing attack aimed at top managers and business owners is called whaling. The attack is preceded by meticulous preparation and careful selection of the victim.
Today, social networks such as LinkedIn or Twitter make it easy to reach specific people, and information about the company directors themselves is very easy to obtain.
This type of email attack often uses clever tactics to attract attention, combining social engineering with artificial intelligence. Attackers pose as trusted individuals or institutions.
A typical example is clicking on a fake link to a planned Zoom conference with an important business partner, which triggers the installation of malware. Using the data obtained from a person with signing rights, the attacker then performs irreversible financial and reputational operations (e.g. on the organization's bank account, or by transferring highly confidential documents to unauthorized recipients).
Hacker groups often attack with the intention of selling the sensitive data to governments, competing private companies and others. This commercially sensitive information is then used for espionage, stock market manipulation and more.
We recommend regular training not only for regular employees but also for management and business owners. If you are one of the lucrative targets, a company holding highly sensitive information with the potential for future misuse, a sophisticated network security architecture is unavoidable.
Specific recommendations:
- before clicking on a link, verify the origin of the email and the identity of the sender by phone
- effectively distinguish emails that do not originate from company communications
- segment your network and use two-factor authentication exclusively for access to critical data (HR, operations, manufacturing, finance)
- from time to time, ask specialists to send mock whaling emails to your employees, either as part of a separate social engineering test or as part of specific penetration tests
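The second recommendation, distinguishing mail that does not come from company communications, can be partly automated. The following is an added example (not code from the original page): it parses the headers of an inbound message and flags the signals typical of a whaling attempt, namely an external sender, a lookalike domain, an executive's display name on an external address, and a Reply-To that differs from the From domain. The company domain `example.com`, the executive roster and the three sample messages are constructed assumptions for illustration.

```python
"""Flag inbound mail that does not come from company communications.

Added example, not the original page's code. Assumed: the organization's
domain is example.com; the executive roster and sample messages are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumption for the example
COMPANY_LABEL = COMPANY_DOMAIN.split(".")[0]   # "example"
# Constructed roster: display names an impersonator would most plausibly borrow.
EXECUTIVE_NAMES = {"jane doe", "john smith"}


def edit_distance(a, b):
    """Levenshtein distance; used to catch one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_internal(domain):
    """The company domain itself or one of its subdomains."""
    return domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN)


def is_lookalike(domain):
    """External domain imitating ours: examp1e.com, example.co, example-mail.net ..."""
    if is_internal(domain):
        return False
    label = domain.split(".")[0]
    return edit_distance(label, COMPANY_LABEL) <= 1 or COMPANY_LABEL in domain


def normalize_name(display_name):
    return " ".join(display_name.replace('"', "").lower().split())


def triage(raw_message):
    """Return (level, findings) for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    findings = []
    if not is_internal(from_domain):
        findings.append("external-sender")
    if is_lookalike(from_domain):
        findings.append("lookalike-domain")
    if normalize_name(display_name) in EXECUTIVE_NAMES and not is_internal(from_domain):
        findings.append("executive-name-external")
    reply_to = msg.get("Reply-To")
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].rpartition("@")[2].lower()
        if reply_domain != from_domain:
            findings.append("reply-to-mismatch")
    if not findings:
        level = "ok"
    elif findings == ["external-sender"]:
        level = "external"   # ordinary outside mail: tag it, do not block it
    else:
        level = "review"     # impersonation signals: hold for verification by phone
    return level, findings


# Constructed sample messages (not real mail).
MSG_INTERNAL = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: cfo@example.com\n"
    "Subject: Q3 figures\n\n"
    "Please review the attached figures.\n"
)
MSG_WHALING = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Reply-To: jane.doe.office@gmail.com\n"
    "To: cfo@example.com\n"
    "Subject: Urgent: call with our partner\n\n"
    "Are you free for a quick call before the board meeting?\n"
)
MSG_PARTNER = (
    "From: Partner Rep <rep@partner-corp.com>\n"
    "To: cfo@example.com\n"
    "Subject: Meeting minutes\n\n"
    "Minutes from yesterday attached.\n"
)

if __name__ == "__main__":
    for sample in (MSG_INTERNAL, MSG_WHALING, MSG_PARTNER):
        print(triage(sample))
```

A message rated `external` only needs the usual external-sender tag; anything rated `review` is exactly the case where the first recommendation applies, confirming the sender by phone before acting on the mail. The check is a header heuristic, so it complements rather than replaces SPF, DKIM and DMARC enforcement on the mail gateway.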