Skip to main content

Financially Motivated Whaling Attacks

January 14, 2016

In a previous blog post, a colleague discussed a wire transfer fraud attack aimed at a company’s CFO. He stressed the importance of having the proper people and process control strategies in place to help protect your organization and laid out important tactics you can add to your policies to prevent fraud. It was stated that you should not rely solely on technology to protect your organization, which is true, but it is an important component.

On any given day, many people receive hundreds of emails. But when an employee receives an email from their CEO, CFO or another senior executive, they are more likely to notice and respond. Unfortunately, this natural human behavior is exactly what malicious actors are exploiting in the latest “whaling” attack.

Whaling is a focused phishing email targeted against senior executives of a company, or those with special access to information (aka the “big fish”). Recently we have seen an uptick in a type of whaling attack targeted against individuals in finance. An individual (e.g. the CFO or head of accounting) who is authorized to handle money receives an email from an attacker (posing as a senior executive) looking to steal money by asking to initiate a wire transfer. If the individual takes the bait, the impact of a successful attack is obvious in the monetary loss to the company.

While the list is long, there are some key things that can be done from a technology perspective to mitigate this social engineering threat.

  1. Whitelist your domain with trusted applications. It is important to make sure your company’s domain can only be used to send emails with a special list of providers. These include third-party applications that you use to conduct business and need to send out alerts to employees.
  2. Tag emails coming from outside of your organization. We ask a lot from our employees and security is not always remembered. To help your employees you can implement an email rule that tags any external emails sent to employee inboxes. Receiving this notification triggers employees to exercise more caution than they normally would with an internal email. Communicating the change to employees and explaining how they should handle external emails differently than internal emails is key.
  3. Monitor brand and domain infringements. You should have strategy in place to handle domains similar to your company’s. This can include a combination buying the domains, blocking them, or monitoring them for suspicious activity. You should also be prepared to send cease and desist letters for those who attempt to impersonate your brand and take additional legal action if necessary.

Fraud is not new, however, it is continuously evolving. Even this latest attack has been evolving over the last few months. It started out targeting domestic operations, but we have seen the strategy shift to target international employees that handle back office authorizations for money transfers. This is why it important to implement company-wide security strategies that include all three components: people, process and technology.


    Ping Look

By: Ping Look

Executive Advisor, Security Communications and Awareness

See More

Related Blogs

May 20, 2013

Tip of the Spear: Phishing or SpearPhishing?

Ever wonder what the difference between phishing and spearphishing is? What about whaling? As someone in the information security business, I get ask...

See Details

April 24, 2013

Cyber Security Flaws We All Know and Love

Joseph Belans provided an excellent presentation at BSides titled "Hacking like it's 1999: Security Flaws We All Know and Love." Below is a video rec...

See Details

June 24, 2016

Threat Advisory – Single Sign-On Phishing

Recently, Optiv’s Global Threat Intelligence Center (gTIC) identified an active phishing campaign against the education sector, in which attackers are...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.