Whaling – a dangerous new cyber threat

One of the most recent cyber security threats to come to our attention is the ‘whaling’ scam. This is a highly personalised form of phishing used to trick victims into giving away sensitive information and access to networks.

What is it?

Most phishing scams target a wide range of people and hackers will send their scam emails to a large number of recipients. However ‘whaling’ is different in that cyber criminals approach one ‘high value’ target with a highly personalised message instead.

Ubiquiti Networks, a provider of high-end wireless networking products, recently fell victim to a whaling attack which resulted in losses of $47m (£30m) for the company.

How does it work?

Although Ubiquiti did not disclose exactly how this particular whaling attack took place, a common technique that is used is to impersonate a company email address by registering and using a similar email address to that of an important employee. Often the difference in the email address can be very small and hard to spot such as replacing a letter with a digit or adding a hyphen.

They are also less likely to be picked up by spam filters. Most spam filters are triggered when coming into contact with an email that has been sent to high numbers of recipients, but as whaling scams are more personalised, they tend to be sent to a smaller number of people, thus they are more likely to slip through the net.

How can I protect my business?

Education is very important and employees at every level of your company should know how to spot the signs of a scam and should be aware of the latest threats and vulnerabilities. You should also be careful with the type of information that is freely available on your website. Scammers will typically ‘scrape’ high numbers of websites in an attempt to find email addresses and contact information for big targets such as CEO’s, accountants and directors.

You should also ensure that your anti-virus / malware software and internet software is always kept up to date. The hacking techniques used by cyber criminals are evolving daily and it is important that you take steps to protect your business and have software to react to the latest threats.

Here at ECL we have extensive experience in protecting companies against the latest malware, computer hacks, viruses, spam, phishing scams and other threats and can advise you on the best methods of protecting your business. To find out more, please call us on 01268 575300 or email us on info@ecl.co.uk