'Whaling' threats target the big fish of the corporate world

Whaling has increasingly been in the news thanks to the ingenious ways a new breed of phishermen collect data to carry out scams and the move towards targeting business networking sites.

Vigilance is key

Cyber criminals will capitalise on every opportunity to exploit these new Web 2.0 technologies to commit fraud or extortion. Common sense is the biggest weapon against whaling; however, scammers are employing increasingly sophisticated social engineering techniques, and some of these scams can prove all too tempting, even to those who should know better. Human fallibility cannot be removed from the equation, so instead executives must be vigilant online. This is something that comes a little harder to the older generation, who are often less familiar with cyberspace and Web 2.0 technologies.

This link between business and social networking sites means caution is needed on two fronts. First, executives should be wary of accepting business contacts, even if they look legitimate. Secondly, it is sensible to include only minimal personal information on any networking site – you wouldn’t stand in the street handing out your data to everyone who walked past, so why display this information on networking sites?

The employer’s role

Businesses need to take a role here in ensuring employees are protected against these attacks. First, employers need to implement comprehensive content security in order to control and manage both inbound and outbound traffic and to prevent whaling e-mails getting through to the intended victims. Over 15 different spam templates have been used by two criminal groups in the first half of 2008 alone. However, security solutions such as Clearswift’s anti-spam content analysis have provided effective defence on those occasions where the templates became known. Secondly, businesses must take on an educational role by having e-mail and Internet policies in place which govern the rules of usage but also educate employees on possible threats. Both employer and employee must take on the responsibility to keep personal details safe and secure and out of the hands of cyber-criminals.

Tips to avoid getting hooked

  • Never click on a URL in a suspicious e-mail and never copy and paste a suspicious URL into the browser – it is likely the website will be riddled with malware which will install itself onto your computer.
  • Beware of e-mails which ask for confidential information, such as bank details or passwords. If you receive requests of this nature, call to check that the request is legitimate.
  • Be aware that banks and government organisations will usually communicate through post or phone, rather than e-mail.
  • Never respond to generic-looking requests for information. If your bank or ISP does communicate over e-mail, these e-mails should directly address you or your account.
  • Never use forms embedded within e-mail messages to disclose confidential information – communicate the information via phone or a known legitimate website instead.
  • Don't be pressured into divulging information. Whalers will try to scare their victims by pressuring them into submitting confidential data. They may threaten to disable an account or delay services until information is received. Always check with the organisation named by phone to see if the request is genuine.
  • Make sure a website is secured and is displaying a valid security symbol before entering confidential information via this site – a website’s address beginning with https doesn't necessarily mean the site is secure. Phishers may use URL masking techniques to mimic the secure address of an authentic company.
  • Check regularly for patches and upgrades to keep your browser and operating system up to date.
  • Ensure your computer is fully protected and make sure your security tools are comprehensive enough to protect against all online threats from whaling to viruses to nuisance spam.

Pete Simpson is a ThreatLab Manager at security solution provider Clearswift.
