5 Steps to Protect Executives from a Whale-Phishing Attack

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next 5 Steps to Protect Executives from a Whale-Phishing Attack-2 Next

Email Security Training

Make email security training mandatory for key individuals.

While training employees at all levels within the organization is essential, senior executives and employees with access to funds and sensitive information require a special training session focused specifically on email security. These employees need to understand how to identify a malicious email, how to verify the sender, and the risks associated with sharing sensitive information or transferring funds based on an email request.

With the daily onslaught of news stories about companies losing millions of dollars to phishing scams, it is incredible to think that email security was practically non-existent as recently as the late 1990s. In fact, Yahoo Mail and Hotmail didn't roll out anti-spam and antivirus tools to the masses until 1999. (For those of the Gmail generation, that was back when @yahoo.com and @hotmail.com accounts were the "hip" alternative to mom and dad's @aol.com accounts.)

Obviously, spam filters and email antivirus scans rapidly became standard among email service providers and they continue to be in use today. Even though they have evolved to react to the latest threats, the problem is that these precursory email security solutions have never been proactive in helping to prevent future threats. The majority of these tools simply compare email contents to signatures of known threats.

One of the future threats that security solutions need to be able to address is whale phishing ("whaling"). Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly valuable information. Cybercriminals use this technique to lure senior executives or other key individuals to share valuable information or transfer funds to an account managed by the attacker.

To increase the efficacy of a whale-phishing scheme, cybercriminals will use spymail to gather intelligence on their victim before they move in for the attack. Spymail is an email that contains hidden tracking code that sends information about the recipient back to the sender. The recipient is unaware that such information has been shared with the sender, which allows the attacker to assess who opened the message, where the message was forwarded, the physical location of the user and more without being detected by the victim.

The best way to block spymail and help protect against a future whale-phishing attack is to invest in more advanced technology solutions. These solutions need to be supported with cybersecurity training, policies and procedures, among other precautionary measures.

In this slideshow, Paul Everton, founder of MailControl, has identified the top five ways to prevent a whale-phishing attack in your organization.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.