Unfortunately, these days most of us are very familiar with Phishing and Spear Phishing attacks. Most often, hackers target end users with a clever email that gets the user to unwittingly open an attack vector on their machine.
Once hackers get access to the network, they poke around and try to reach key data to exfiltrate. Sometimes they are only targeting the individual for a credit card or other valuable PID. But in the corporate world, they're looking for critical info that they can sell or use to create fraudulent transactions.
Whaling is a similar type of attack, except that it's aimed specifically at those in the C-Suite. These attacks are harder to detect because they are not mass delivered. Identifying malicious originating IPs also takes much longer because of the extremely low volume of e-mails being sent. Overall, they are much harder to detect with traditional Mail Security and Anti-Spam techniques.
Even though the number of Whaling attacks is low compared to Phishing and Spear Phishing attacks, they are effective because of the quality of the target. C-Level folks usually have more authority to authorize large dollar payments to hackers than an entry-level finance person.
In a typical attack, a hacker identifies a business line owner or executive who has the authority to authorize large wire transfers. An urgent email is sent requesting that $100,000 be wired to ABC Co. ASAP for a secret business acquisition deal.
Like most scams, time is of the essence. Hackers are hoping that the money will be sent based upon the email and that no one will want to “bother” the busy exec, who is usually in meetings or on the road.