* This article is part of a series on Social Engineering Attack Types and how to avoid them. You can read our previous article about spear phishing here: (https://web.aumint.io/spearphishing-spear-phishing/).

Whaling is a sophisticated, specifically targeted business email attack that can easily compromise an enterprise.

How does WHALING work?

The hacker targets a high-level decision maker in an organization, such as a CEO, CFO or other executive, and does extensive research to gather details about this target.

The hacker collects accurate details from various sources, such as recent news, reports, social networking and social media sites, or the dark web, and builds a highly informative and accurate profile of the victim.

Based on the details that were gathered, the hacker creates authentic- and legitimate-looking emails that aim to fool the recipient into taking an action.

The most common ways in which hackers use whaling are:

  • Requests for changes to vendor payment accounts
  • Vendor impersonation
  • Look-alike versions of critical documents attached to the email

This deception can result in:

  • Direct diversion of funds from the victim’s company to the hacker’s account.
  • And/or opening the enterprise to the download of malware and/or malicious code.

Most whaling attacks are delivered by e-mail.

How can you avoid becoming a whaling victim?

You should be alert and:

  • Do NOT click on embedded links in an email.
  • Check in directly with the ‘sender’, using a phone number or address you already have rather than one given in the email.
  • Upgrade your email system to:
    • Apply algorithms to detect malicious email
    • Apply robust authentication processes
    • Analyze domains, IPs and header information
  • Use common sense: for example, it is highly unlikely that a legitimate request to change payment accounts would be sent directly to a senior executive.
  • Train with AUMINT.io