WHAT IS A WHALING ATTACK?

Much like the freshwater or saltwater fisherman, cybercriminals target prey of all types and sizes in their phishing attempts. Any of us can be the victim of a phishing attempt, but some cybercriminals go after the people most likely to bring them big money. Cybercriminals call these targets “whales,” meaning important people, such as presidents or company executives, who are prime targets because of their position. (We agree with you: technically, we don't hook whales, but let's pretend…)

Whaling-type attacks affect a large number of Canadian companies each year. Here's what you need to know to protect yourself and the people around you.

Phishing by email, text message or whaling

For various reasons, the world of cybersecurity is full of metaphors borrowed from fishing, and they are not always easy to navigate. Here is what each term means:

Phishing is a type of cyber-attack delivered by email, text message or any other direct messaging service, in which the message imitates a legitimate source in order to induce the recipient to disclose personal information. When successful, these attacks can cause you to lose control over not only your account, but also your money and your identity.

Spear phishing is a type of phishing that uses information that appears to come from someone you know, such as a co-worker.

Whaling is a type of phishing that targets important people such as senior business executives or senior government officials. Since these people are likely to have confidential information, the stakes are much higher than in the case of a simple phishing attack.

Defend against whaling-type attacks

You protect yourself from a whaling-type attack in the same way as from any other type of attack: by using antivirus software and following precautions. But because the stakes are so much higher, cybercriminals put a lot of effort into crafting messages that will successfully deceive their target. As a result, it is harder to detect that these messages are fraudulent.

So, before responding to a message, take the time to check for phishing clues:

Does the email address match the address of the person or entity the sender claims to represent? Does the address or domain name contain additional letters or numbers that should not be there?

Is the formatting of the message correct? Are there any spelling or grammatical errors that a legitimate sender wouldn't make? This kind of mistake can say a lot about the legitimacy of a message.

Does the message contain threatening language or ask you to respond immediately? Such urgent requests can be an indication of a phishing attempt.

It is relatively easy to gather information on the internet about the lives of people who have achieved real notoriety. Don't be fooled by messages in which the sender wishes you a happy birthday, asks how your vacation was or how your wife is doing. These messages do not always mean that the sender is trustworthy.

If you are not absolutely sure of the legitimacy of a message, try to reach the sender by means other than email, for example, by calling. It might seem tedious, but it could save you time and money.
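
The sender-address and urgency checks above can also be automated at the mail gateway or in a reporting tool. The following sketch is an added example, not part of the original article; the trusted domain, the executive name, the urgency word list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): the organization's real domain and the
# executives whose names an attacker might borrow.
TRUSTED_DOMAIN = "corp.example"
EXECUTIVES = {"dana whitfield"}
URGENCY = re.compile(r"\b(urgent|immediately|right away|within the hour)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains with extra or swapped characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_clues(raw_message):
    """Return the checklist clues that this message triggers."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    clues = []
    if domain != TRUSTED_DOMAIN:
        # One or two character edits away from the real domain: likely lookalike.
        if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
            clues.append("lookalike-domain")
        # An executive's display name on an address outside the organization.
        if display.strip().lower() in EXECUTIVES:
            clues.append("executive-name-external-address")
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}"
    if URGENCY.search(text):
        clues.append("urgent-language")
    return clues

# Constructed sample message (not real mail): note the digit 0 in the domain.
SAMPLE = """\
From: Dana Whitfield <dana.whitfield@c0rp.example>
To: finance@corp.example
Subject: Wire transfer needed

Please handle this immediately and keep it between us.
"""

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```

A message that triggers no clue is not proven legitimate; the out-of-band check described above still applies.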

Trust your team

When it comes to cybersecurity, a business is never better protected than its most vulnerable employee. You must therefore ensure that all employees, at all hierarchical levels of the company, are able to recognize a phishing attack. This is an essential condition to ensure the confidentiality of what must be… confidential.

As for the staff who work under the direction of senior management, they must be trained to recognize phishing attempts and whaling-type attacks. These people are the first line of defense against cyber-attacks.

Conclusion

Phishing attacks don't just consist of messages claiming that a foreign prince has made you his heir, or that you have won first prize in a contest or lottery. Whaling-type attacks are much more subtle and difficult to identify. This makes them all the more dangerous and this is the reason why you and your employees must remain vigilant.

Phishing attacks can deceive anyone, even the most tech-savvy. So make sure you know how cybercriminals work and how to recognize the signs of a phishing attempt so that you can protect yourself, your reputation and your organization.
