Earlier we explored the phenomenon of email phishing in an article called Does Your Email Smell Smell Phishy? Now there’s a new type of phishing attack called Whaling.
Phishing involves carefully crafted email messages designed to trick you into clicking on malicious links. Some of these links download malware onto your computer. Others send you to what looks like your online banking, but is actually a convincing imitation designed to relieve you of your logon details.
Whaling targets C-level executives with fraudulent messages that achieve a new level of credibility. The perpetrators exploit vulnerabilities of the Internet email protocol to send messages that look in every way like they’re coming from someone you know and trust – often another executive in your organisation.
A Whaling message can contain some or all of these telltale signs:
- The sender appears to be a high level executive who is making an unusual request.
- Sometimes you’re asked to make an international payment right away, or to accept a wire transfer request.
- In another version, you’re asked to reveal some sort of confidential information.
- Sometimes the sender asks you not to communicate with others about the matter.
- The request bypasses normal channels.
- The request might contain errors in grammar or syntax indicating the sender is non-native.
- The Reply-to address is something other than the sender’s email address.
Don’t become a Whaling victim
Here’s what you should do to avoid becoming the victim of a Whaling expedition:
- Be vigilant. If something about the message doesn’t feel right, consider it potentially fraudulent. DO NOT reply to the message. Instead, forward it to the sender to verify it’s authenticity.
- Slow down. Often time these messages are sent during the busiest time of the day in the hopes that you’ll have your guard down. If it looks suspicious take some time to verify it before responding.
- Notify Aerorock! We’ll investigate the incident and if necessary take steps to prevent its recurrence.
Recent Comments