What is "Whaling" and how to avoid attacks

Cyber-security has become an evolving issue with many companies falling prey to more sophisticated means of having their data breached and finances lost.  As knowledge of the effects of a cyber breach continues to become mainstream with statistics on cyber-security and numerous high profile breaches such as British Airways, T-Mobile US and Metro PCS  it can be said that prevention is better than the cure. 

What is Whaling? 

Whaling is a technique in which an email is sent by a spoofed or similar sounding domain name appearing to be a high-profile decision maker like the CEO or CFO in order to trick accountants or finance teams to transfer large amount of funds. This method usually requires a vast amount of prior research into the targeted business and an understanding of the business processes in order to employ the best strategy. Whaling attacks can often have disastrous consequences with a high profile whaling case costing two tech firms $100m. A whaling attack is often highly targeted and harder to spot than a generic phishing attack (here’s what to look out for in a phishing email).  To avoid becoming another whaling victim there are a few things you can do.

Establish verification procedures for transferring funds

Strong internal processes can go a long way in helping protect your business from cyber- hacks or whaling attempts. Establishing verification processes for any changes to a financial procedure or big purchases such as face-to-face or over the phone verification can eliminate a lot of uncertainty.  

Use Whaling Simulations for your employees to test knowledge and upskill

Whilst these processes can be beneficially it would be advantageous to set up a mock test for your internal to team to gauge how knowledgeable your key stakeholders are about their own cyber-security.  This could involve taking a well-known process your team performs like sending invoices and tweaking the process slightly to have it sent to a different address or at a different time. If this is not flagged or questioned by your internal team this will indicate that your team is not at the knowledge level you may need to keep your business secure. You can also get your business Cyber Awaremess Training to give yourself and your customers peace of mind.

Partner with a Security Expert

The safest option is to partner with an IT support team in order to make sure you are fully protected and safeguarded against any potential mistakes. As these threats increase in volume so does the sophistication of each potential attack and the higher level of potential damage it can do to your business and customers.  Advantage offer bespoke IT support to protect you from various issues and be there in case of a disaster.

If you are concerned about your own IT security why not check out our own Security Solutions or have Advantage IT Support to make sure that your current set up is up to scratch and up to date.

Want to hear more from us? Why not sign up to our marketing emails to receive the latest Microsoft updates, tips and tricks & much more straight into your inbox.