When you hear the term 'Cyber Whaling Attack', maybe your mind goes to Captain Ahab and his dogged pursuit of the giant white whale in the classic novel, Moby Dick. And you would be right.
Except, in this case, you - the manager or executive - are the whale that's hunted. Why? Because you have high-level access to your company's IT environment, personnel records, client files, financial information, and proprietary data. You are the whale that the cybercriminals want to land - because you have unprecedented access.
Cyber Whaling is Different from Common Phishing Attacks
Phishing can be broken up into three categories:
- Phishing - Emails with malicious links, attachments and social engineering ploys sent out en masse to hundreds of thousands of mailboxes
- Spear Phishing - Targeted emails with malicious links, attachments and social engineering ploys sent to one individual to gain a specific result
- Whale Phishing (Cyber Whaling) - Top-level company execs or managers with admin access are targeted individually for the purpose of extracting sensitive information or authorising fraudulent transactions
Tips to Protect Yourself:
1. Verify all requests - Always verify requests for sensitive information or financial transactions through a second channel, such as a phone call to a known number.
2. Be suspicious of urgency - Be wary of urgent requests that bypass normal procedures. Attackers create urgency to prevent you from thinking clearly.
3. Implement strict approval processes - Have multiple approval requirements for financial transactions and sensitive data access.



