People inside and outside business have heard of “phishing” attacks, where a cyber criminal steals information or the identity of someone through the internet, but a new type of attack referred to as a “whaling” attack has emerged as yet another online hazard for small businesses, as well as large corporations. As your IT services company, we’ve got everything you need to know about whaling and how it could effect your business.
As the name might suggest, a whaling attack is similar to a phishing attack in that it’s considered a type of social engineering. A cyber criminal will pose as an individual who owns a company – someone like a top-level executive. A senior executive at a company is considered a “big fish,” which is why the con is named a whaling attack.
Sometimes, the person committing the crime will pose as an actual executive and will use an email address that is almost exactly like the real email address the real life executive might use. The cyber criminal will email someone within the company using the fake email address and ask the employee to forward money to the account of a vendor, business partner, or someone else with whom the company does business.
As you might suspect, the account doesn’t actually belong to someone who is a business partner of the company, and it actually belongs to the criminal. Unfortunately, even if the company or its employee realizes that a crime has taken place, it’s often very difficult, or even impossible, to retrieve the money.
Every company should develop a strong and smart cybersecurity plan that features updated security features like two-factor authentication, a knowledgeable information technology manager (or department), and updated virus protection software.
To further prevent whaling attacks, employees should be made aware of the potential for these attacks and be taught to double-check suspicious requests for money or information. Any request for money that is made through email and isn’t made in person should be double-checked to confirm it’s a legitimate request.
One easy way to prevent this crime from occurring is to implement a blanket rule on money transfers. No employee should transfer money or arrange to transfer money before following up with the executive or manager on the phone or in person.
Employees today are commonly very busy and may not realize the small difference in the email address that sent a whaling attack. By requiring all employees to double-check money transfers, a company can virtually prevent these whaling attacks.
If you think that no one can be gullible enough to fall for one of these attacks, you’d be wrong. A company in Austria fired its CEO and CFO after a whaling attack cost the company 40 million Euros.
“The CEO of an Austrian aircraft parts manufacturer has been sacked after the company lost €40.9 million (£31 million) to a whaling attack.”
Cyber criminals today have many tools at their disposal to defraud your business and steal your livelihood, and it’s essential to employ a well-rounded program of security features. Whether you oversee a thousand employees or ten employees, Magnet Solutions Group can help you develop the best managed IT and computer security plan for your business.