Whaling Attack (whaling phishing)
|
A whaling
attack, also known as whaling phishing or a whaling phishing
attack, is a specific type of phishing attack that targets high-profile
employees, such as the CEO or CFO, in order to steal sensitive information
from a company, as those that hold higher positions within the company
typically have complete access to sensitive data. In many whaling phishing
attacks, the attacker's goal is to manipulate the victim into authorizing
high-value wire transfers to the attacker. The term whaling stems from the size of the attacks, and the whales are thought to be picked based on their authority within the company. Due to their highly targeted nature, whaling attacks are often more difficult to detect than standard phishing attacks. In the enterprise, security administrators can help reduce the effectiveness of whaling attacks by encouraging the corporate management staff to undergo information security awareness training. How whaling attacks work The goal of a whaling attack is to trick an individual into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. For example, the attackers may send the victim an email that appears to be from a trusted source; some whaling campaigns include a customized malicious website that has been created especially for the attack. Whaling attack emails and websites are highly customized and personalized, and they often incorporate the target's name, job title or other relevant information gleaned from a variety of sources. This level of personalization makes it difficult to detect a whaling attack. Whaling attacks often depend on social engineering techniques, as attackers will send hyperlinks or attachments to infect their victims with malware or to solicit sensitive information. By targeting high-value victims, especially CEOs and other corporate officers, attackers may also induce them to approve fraudulent wire transfers using business email compromise techniques. In some cases, the attacker impersonates the CEO or other corporate officers to convince employees to carry out financial transfers. These attacks can fool victims because attackers are willing to spend more time and effort constructing them due to their potentially high returns. Attackers will often use social media, such as Facebook, Twitter and LinkedIn, to gather personal information about their victim to make the whaling phishing attack more plausible. Differences between phishing, whaling phishing and spear phishing Because ordinary phishing attacks, whaling phishing attacks and spear phishing attacks are all online attacks on users in order to gain sensitive information or to social engineer the victim into taking some harmful action, the three are often confused. A whaling attack is a special form of spear phishing that targets specific high ranking victims within a company. Spear phishing attacks can target any specific individual. Both types of attack generally require more time and effort on the part of the attacker than ordinary phishing attacks. Phishing is a broader term that covers any type of attack that tries to fool a victim into taking some action, including sharing sensitive information, such as usernames, passwords and financial records for malicious purposes; installing malware; or completing a fraudulent financial payment or wire transfer. While ordinary phishing attacks usually involve sending emails to a large number of individuals without knowing how many will be successful, whaling phishing attacks usually target one specific individual at a time -- typically a high-ranking individual -- with highly personalized information. Examples of whaling attack One notable whaling attack occurred in 2016 when a high-ranking employee at Snapchat received an email from an attacker pretending to be the CEO. The employee was tricked into giving the attacker employee payroll information; ultimately, the FBI investigated the attack. Another whaling attack from 2016 involved a Seagate employee who unknowingly emailed the income tax data of several current and former company employees to an unauthorized third party. After reporting the phishing scam to the IRS and the FBI, it was announced that thousands of people's personal data was exposed in that whaling attack. |
Let's remove this guy once and for all!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Good Netiquette And A Green Internet To All!
=====================================================================Tabula
Rosa Systems - Tabula Rosa Systems (TRS) is dedicated to providing Best
of Breed Technology and Best of Class Professional Services to our
Clients. We have a portfolio of products which we have selected for
their capabilities, viability and value. TRS provides product, design,
implementation and support services on all products that we represent.
Additionally, TRS provides expertise in Network Analysis, eBusiness
Application Profiling, ePolicy and eBusiness Troubleshooting.
We can be contacted at:
sales@tabularosa.net
or 609 818 1802.
www.amazon.com/author/paulbabicki
====================================================
Catfishing
From Wikipedia,
the free encyclopedia
Catfishing is a type of deceptive activity where a person creates a
sock puppet
social networking
presence, or fake identity on a social network account,
usually targeting a specific victim for deception.
Catfishing is
often employed for romance scams on
dating websites. Catfishing may be used for financial gain, to compromise a
victim in some way, or simply as a form of trolling or wish fulfillment.
Catfishing
media has been produced, often centering around victims who wish to identify
their catfisher
|
We can be contacted at:
===============================================================In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
Anyone who would like to review the book and have it posted on my blog or website, please contact me paul@netiquetteiq.com.
In addition to this blog, I maintain a radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
Additionally, I am the president of Tabula Rosa Systems,
a “best of breed” reseller of products for communications, email,
network management software, security products and professional
services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
No comments:
Post a Comment