
Whaling phishing attacks

Welcome to the new year, and to another type of social engineering attack in which people try to scam money out of organisations.

A whaling attack, also referred to as a whaling phishing attack, is a type of social engineering attack that specifically targets staff within an organisation who are able to transfer money, or to make changes of some kind that would allow the scammer to fraudulently get money out of your organisation.

This is an example of how it can work (mostly a true story, with some details changed to illustrate the relevant points):

An attacker visits your company website and finds the name of the CEO, the admin staff, or even the wages person. They work out what that person's email address is, which they can usually guess quite easily even if it is not displayed on the website itself. Let's call her Karen.

Then they find the name of another employee; let's call him Tony. The scammer sends an email to Karen pretending to be Tony, asking that she transfer money into a certain account, or change the account that his wages are paid into, or some version of this limited only by the attacker's imagination.

Once the wages person, Karen, receives the email she diligently processes it, replies to say that it has been done (which of course goes back to the attacker), and a month later Tony can't understand why his wages haven't gone in.
Here are a couple of emails that illustrate this exact scenario, except that the attacker sent the email to the office manager, who then forwarded it to the wages person. That added credibility to the claim, because the wages person had legitimately received an emailed set of instructions from the actual office manager.

Here is more detail on the type of attack:
https://www.cisco.com/site/us/en/learn/topics/security/what-is-a-whaling-attack.html

These types of attacks can be very difficult to spot because the attacker has sometimes invested a considerable amount of time learning about the staff within an organisation: who the appropriate person to target is, and how to make the request seem believable. It also doesn't require that they gain access to anybody's email account, because an email sent from an ordinary Gmail address with the right display name can be reasonably convincing on its own, as has been done in the images below.
Be on the lookout for this type of attack, and if you are one of my customers and would like to discuss any more details, please contact me.

In this instance the attacker even sent a follow-up message to the second staff member.
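The weak point the attacker relies on above is that a free webmail account can carry any display name, so a simple mail-filter check that compares the display name against the staff directory and the sending domain against the company's own domains catches this pattern before it reaches the wages person. The example below is added here to illustrate that check and is not code from the original post; the staff directory, the company domain and the two sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from typing import List

# Constructed sample (not from the original post): an external Gmail address
# carrying an employee's display name, asking for a change to wage payments.
SUSPECT_MESSAGE = """\
From: Tony Example <tony.example.work@gmail.com>
To: Karen Example <karen@example-company.com.au>
Subject: Change of bank account for my wages

Hi Karen, can you update the account my wages are paid into before this run?
"""

# Constructed sample of a genuine internal message for comparison.
LEGIT_MESSAGE = """\
From: Tony Example <tony@example-company.com.au>
To: Karen Example <karen@example-company.com.au>
Subject: Leave request

Hi Karen, I'd like to take Friday off next week.
"""

# Assumed staff directory and company domains; a real check would pull these
# from the directory service rather than hard-coding them.
STAFF = {"tony example": "tony@example-company.com.au",
         "karen example": "karen@example-company.com.au"}
INTERNAL_DOMAINS = {"example-company.com.au"}
PAYMENT_WORDS = ("wages", "bank account", "transfer", "invoice", "payment")


def normalise_name(name: str) -> str:
    """Lower-case and collapse whitespace so 'Example, Tony' style variants match."""
    return " ".join(name.lower().replace(",", " ").split())


def impersonation_findings(raw_message: str) -> List[str]:
    """Flag a staff display name on an external mailbox, and note whether the
    subject is about moving money, which is what the scam needs to succeed."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    key = normalise_name(display_name)
    if key in STAFF and domain not in INTERNAL_DOMAINS:
        findings.append(f"display name '{display_name}' belongs to staff member "
                        f"{STAFF[key]} but sender is external address {addr}")
        subject = str(msg.get("Subject", "")).lower()
        if any(word in subject for word in PAYMENT_WORDS):
            findings.append("subject concerns payment or bank details; "
                            "verify by phone before acting")
    return findings
```

Note that the check only covers the case on this page (a staff name on an outside mailbox); a message from a genuinely compromised internal account would pass it, which is why a phone call to the named colleague before changing any bank details remains the real control.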
