What is Whaling and CEO Fraud
Whaling in this context is not about Moby Dick and chasing around the northern oceans with a harpoon, but it is about the attempt to catch a big fish. CEO fraud or whaling has become one of the fastest-growing means of phishing and is worth knowing about. This article will detail what it is and why it has become so popular.
Whaling or CEO fraud
Whaling is a highly targeted phishing attack aimed at top executives, board members, or those with access to the bank accounts of a firm or company. It is generally quite a sophisticated phishing cybercrime in that it requires a great deal of time and effort to gather the requisite information to make this type of fraud possible. As with other types of phishing, the end goal is to con victims into downloading malware, transferring money, or providing access to sensitive information. However, as the name suggests, CEO fraud is incredibly specific and only targets the very top layer of the business. Either senior management details are gathered to convince others in the company that the hacker is the CEO, or the CEO is targeted directly with malware or an email request.
One of the key examples of a whaling attack was in 2016 when the CEO of an Austrian aircraft parts company, FACC, fell for a con that cost the company 41 million Euros. The fraud consisted of a hacker using the CEO’s details in an email to another employee with payment authority approving massive payments for a fake project. It was known as the fake president incident and typifies what can happen when the CEO is targeted.
How social media is driving the whaling trend
One of the main reasons that whaling has become so popular among cybercriminals is social media. It is now possible to research and find out enough information online in social media forums, platforms, and posts about business people to be in a position to spoof them to the detriment of the business. The level of research that is done is remarkable and it is generally from sites such as LinkedIn, Facebook, and corporate web pages that hackers are able to gain as much information as they need to either impersonate the CEO or convince them to click on links in a very personal email.
As noted by Proofpoint, CEO fraud is a type of phishing that is gaining prominence simply because of the vast sums of money that have been associated with this type of cybercrime. Furthermore, these breaches are well publicized, which causes more interest in such phishing.
It is thus a double-edged sword in that social media is useful to promote and develop the business and individual but can then be used to drive CEO fraud and whaling.
The first way to prevent such fraud is to ensure that your business has a professional, dedicated cybersecurity team. Email authentication and a zero-trust protocol are just two of the essentials that a security system requires. Look out for emails that pressure you to act, and check all the branding on emails that you have opened. CEO fraud and whaling have gained prominence for the simple fact that they can yield massive results for the criminals if successful. Knowing what to look for and being aware of this type of cybercrime is essential and must be communicated as widely as possible within the business.
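The checks named above (email authentication, impersonation of the CEO, pressure to act) can be combined into a simple triage of inbound mail. The following is an added example, not code from this article: the executive roster, corporate domain, phrase list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: each organisation supplies its own roster, domain and phrases.
EXECUTIVES = {"jane doe"}
CORPORATE_DOMAIN = "example.com"
PRESSURE = re.compile(r"\b(urgent|immediately|confidential|wire transfer|today)\b", re.I)

# Constructed sample messages, not real traffic.
SPOOFED = """\
From: "Jane Doe" <jane.doe@mail.test>
Reply-To: payments@other.test
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass; dmarc=fail

Please process this today and keep it confidential.
"""
LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
Subject: Board agenda
Authentication-Results: mx.example.com; dmarc=pass

Agenda attached for next week.
"""


def whaling_indicators(raw_message: str) -> list[str]:
    """Return the reasons an inbound message looks like CEO impersonation."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    reasons = []
    # An executive's display name on an address outside the corporate domain.
    if display.strip().lower() in EXECUTIVES and domain != CORPORATE_DOMAIN:
        reasons.append("executive display name on external address")
    # Email authentication: trust only the header stamped by your own mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=pass" not in auth:
        reasons.append("DMARC did not pass")
    # Replies routed to a different domain than the visible sender.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        reasons.append("Reply-To domain differs from From domain")
    # Pressure to act in the subject or body (single-part messages only here).
    body = "" if msg.is_multipart() else msg.get_payload()
    if PRESSURE.search(f"{msg.get('Subject', '')} {body}"):
        reasons.append("pressure-to-act wording")
    return reasons
```

A message that returns one or more reasons is a candidate for out-of-band confirmation with the named executive before any payment is approved.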