5 Steps to Protect Executives from a Whale-Phishing Attack

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next 5 Steps to Protect Executives from a Whale-Phishing Attack-4 Next

Establish Secure Fund-Transfer Procedures

Considering many whaling attacks attempt to persuade the victim to send company funds to an account controlled by the attacker, establishing clear-cut fund-transfer procedures can help mitigate the risks of unknown users gaining access to company financial information. For instance, companies can require employees to make all fund requests through a secure banking portal with two-factor authentication enabled.

With the daily onslaught of news stories about companies losing millions of dollars to phishing scams, it is incredible to think that email security was practically non-existent as recently as the late 1990s. In fact, Yahoo Mail and Hotmail didn't roll out anti-spam and antivirus tools to the masses until 1999. (For those of the Gmail generation, that was back when @yahoo.com and @hotmail.com accounts were the "hip" alternative to mom and dad's @aol.com accounts.)

Obviously, spam filters and email antivirus scans rapidly became standard among email service providers and they continue to be in use today. Even though they have evolved to react to the latest threats, the problem is that these precursory email security solutions have never been proactive in helping to prevent future threats. The majority of these tools simply compare email contents to signatures of known threats.

One of the future threats that security solutions need to be able to address is whale phishing ("whaling"). Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly valuable information. Cybercriminals use this technique to lure senior executives or other key individuals to share valuable information or transfer funds to an account managed by the attacker.

To increase the efficacy of a whale-phishing scheme, cybercriminals will use spymail to gather intelligence on their victim before they move in for the attack. Spymail is an email that contains hidden tracking code that sends information about the recipient back to the sender. The recipient is unaware that such information has been shared with the sender, which allows the attacker to assess who opened the message, where the message was forwarded, the physical location of the user and more without being detected by the victim.

The best way to block spymail and help protect against a future whale-phishing attack is to invest in more advanced technology solutions. These solutions need to be supported with cybersecurity training, policies and procedures, among other precautionary measures.

In this slideshow, Paul Everton, founder of MailControl, has identified the top five ways to prevent a whale-phishing attack in your organization.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Security119-190x128 8 Tips for Ensuring Employee Security Compliance

IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.