Whaling

  • Lisa Fröhlich
  • May 17, 2024


Whaling is a form of cyberattack in which the attackers impersonate high-ranking executives or other authority figures to obtain sensitive information or money from companies or individuals. Unlike phishing, which is broad-based and targets a large number of people, whaling focuses on specific high-level targets such as CEOs, CFOs, or other key individuals in organizations. The attackers often use personalized information to increase their credibility and trick victims into responding to fraudulent emails or other communication channels.

Why is it called whaling?

The term “whaling” is derived from the English word “whale”. The analogy is that whaling attacks are aimed at catching the “big fish” or the “whales” in the company – these are typically high-ranking executives such as CEOs, CFOs, or other key people.

How does a whaling attack work?

A whaling attack typically has several steps:

  1. Target identification: Hackers select high-level individuals such as CEOs, CFOs, or other executives as their targets. They may obtain this information from publicly available sources, social media, or other databases.
  2. Information gathering: Attackers gather personal and business information about their targets to increase the credibility of their fake communications. This may include analyzing company websites, press releases, or social media profiles.
  3. Creation of fake communications: The attackers create a deceptively genuine communication, typically via email, purporting to come from a trusted source such as a supervisor or business partner. These emails may contain fake requests for confidential information, money transfers, or other actions.
  4. Sending the spoofed communication: The spoofed emails are sent to the selected targets, often with high urgency or using psychological pressure techniques to get the victims to act quickly without questioning.
  5. Response: If the victim responds to the spoofed communication, the attackers may steal sensitive information, obtain money transfers, or perform other malicious actions, depending on the goal of the attack.

The effectiveness of a whaling attack often depends on the persuasiveness of the spoofed communication and the credibility of the attacker posing as a trusted authority.

How companies can protect themselves

Companies can take various measures to protect themselves against whaling attacks:

  • Security training: Training and awareness campaigns for employees are crucial. Employees should be trained to recognize suspicious requests, especially those that contain unusual urgency or unusual requests for sensitive information or money transfers.
  • Two-factor authentication (2FA): Requiring a second factor for sensitive systems and applications helps secure access to important resources even if credentials are compromised.
  • Email authentication: Publishing SPF, DKIM and DMARC records for the organization's domain lets receiving mail servers detect emails that falsely claim to come from that domain and, with an enforcing DMARC policy, reject them.
  • Review of payment orders: Organizations should implement internal policies that require independent verification of payment instructions or other financial transactions, especially when they appear to originate from high-level employees.
  • Security policies: Developing and implementing clear security policies and procedures, including approval of sensitive transactions and handling of confidential information, is important to ensure that employees know how to respond in potentially dangerous situations.
  • Technology solutions: Organizations can use security technologies such as email filtering and endpoint security solutions to detect and block suspicious activity before it can cause harm.
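The following script is an added example, not code from the original article or from Link11, showing how two of the measures above (checking SPF/DKIM/DMARC results and flagging payment requests for verification) can be combined in an inbound-mail triage check. The organization domain, the executive list and the three sample messages are all constructed for illustration; the check reads the Authentication-Results header that a receiving mail gateway adds, so it assumes such a gateway is in place and that the organization publishes a DMARC record.

```python
"""Inbound-mail triage for whaling indicators (added example; all data constructed)."""
from __future__ import annotations

import email
import re
from email import policy
from email.utils import parseaddr

# Hypothetical organization data: the protected domain and the executives whose
# names are most likely to be used in a whaling email.
ORG_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",
    "john roe": "john.roe@example.com",
}

# Wording typical of a fraudulent payment request: a money movement combined
# with urgency or secrecy. Either on its own is common in normal business mail.
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|payment|iban|bank account|invoice)\b", re.I)
URGENCY_WORDS = re.compile(r"\b(urgent|immediately|asap|today|confidential|do not (call|discuss))\b", re.I)


def auth_results(msg) -> dict[str, str]:
    """Parse an Authentication-Results header (RFC 8601) into {method: result}."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


def triage(raw: str) -> list[str]:
    """Return a list of findings for one RFC 5322 message; an empty list means no indicator fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: list[str] = []
    display_name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    auth = auth_results(msg)

    # 1. Display-name impersonation: an executive's name on an address that is not theirs.
    name_key = display_name.strip().lower()
    if name_key in EXECUTIVES and addr != EXECUTIVES[name_key]:
        findings.append(f"executive name '{display_name}' used with foreign address {addr}")

    # 2. Mail claiming our own domain must carry a DMARC pass; anything else is spoofed
    #    or misconfigured and must not be trusted on the strength of the From header.
    if domain == ORG_DOMAIN and auth.get("dmarc") != "pass":
        findings.append(f"From domain {ORG_DOMAIN} without DMARC pass (dmarc={auth.get('dmarc', 'missing')})")

    # 3. Reply-To diverted to a different mailbox than the visible sender.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower() != addr:
        findings.append(f"Reply-To {reply_to} differs from From {addr}")

    # 4. Payment request plus urgency/secrecy: route to the out-of-band verification step.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    if PAYMENT_WORDS.search(text) and URGENCY_WORDS.search(text):
        findings.append("payment request with urgency/secrecy wording: verify out of band")
    return findings


# Constructed sample messages (not real traffic).
LOOKALIKE = """\
From: Jane Doe <jane.doe@exampl3-mail.net>
Reply-To: jane.doe@exampl3-mail.net
To: cfo@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=exampl3-mail.net; dkim=none; dmarc=none
Content-Type: text/plain; charset=utf-8

Please transfer the invoice amount today to the new bank account below. Keep this confidential.
"""

DOMAIN_SPOOF = """\
From: John Roe <john.roe@example.com>
Reply-To: j.roe.private@webmail.example.net
To: accounting@example.com
Subject: Invoice payment
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
Content-Type: text/plain; charset=utf-8

Please process the attached invoice immediately and do not discuss it with anyone yet.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: cfo@example.com
Subject: Board agenda
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset=utf-8

Attached is the agenda for Thursday. Let me know if anything is missing.
"""

if __name__ == "__main__":
    for label, sample in (("lookalike", LOOKALIKE), ("domain spoof", DOMAIN_SPOOF), ("legitimate", LEGITIMATE)):
        print(f"{label}: {triage(sample) or 'no findings'}")
```

Check 2 only has teeth if the organization's DMARC record is enforcing (p=quarantine or p=reject); with p=none the gateway reports the failure but still delivers the message, which is why the check treats anything other than an explicit pass as untrusted. Check 4 is deliberately a routing rule, not a verdict: it sends the request to the independent verification step from the payment-review policy rather than trying to decide on its own whether the request is genuine.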

By using a combination of training, technology, and clear security policies, organizations can strengthen their defenses against whaling attacks and reduce the risk of successful attacks.

Difference between phishing, spear phishing and whaling

Phishing is a broad form of cyberattack in which the attackers send masses of fake emails, text messages, or other means of communication to large numbers of people. These fake messages often pretend to come from legitimate companies, government agencies, or other trusted sources and ask recipients to disclose personal information, access fake websites, or download malicious attachments.

Spear phishing is a targeted form of phishing in which the attackers focus their attacks on a specific group of people or an organization. Unlike broad phishing, where the messages are often generic, spear phishing messages are often personalized and contain specific information about the targets to increase their credibility. For example, the attackers may use information from publicly available sources or social media profiles to carry out personalized attacks.

Whaling is a highly specialized form of spear phishing in which the attackers select high-level individuals such as CEOs, CFOs, or other executives as their targets. The fake messages in whaling attacks often pretend to come from other high-ranking executives or trusted sources within the company or organization and may specifically target sensitive information or financial transactions. Whaling attacks are designed to maximize payoffs and can therefore be particularly sophisticated and convincing.

Examples of attacks

In 2015, Ubiquiti Networks, a network infrastructure and Wi-Fi solutions company, was the victim of a whaling attack. The attackers posed as employees of the company and carried out a fraudulent transfer of more than 40 million USD. This incident resulted in a significant financial loss for the company.

In 2016, FACC, an Austrian manufacturer of aircraft parts, was the victim of a whaling attack. The attackers posed as the company’s CEO and asked the finance department to transfer more than 50 million euros to a fraudulent bank account. Although the employees initially carried out the transaction, the fraud was later discovered and most of the funds were recovered.

In 2019, the toy manufacturer Mattel was the victim of a whaling attack. The attackers posed as the company’s CEO and asked the finance department to transfer a considerable sum of money to a fraudulent bank account. Here too, the transaction was initially carried out, but after the fraud was discovered, the funds were recovered.
