Many different types of phishing attacks take place out there in the world. Out of those phishing attack types, whale phishing has received a lot of attention. According to , thousands of people and companies become victims of whale phishing, resulting in frustration and financial losses.
Define phishing scam
Phishing scams trick targeted individuals and companies so that the scammers can make a financial gain. For example, a company’s employees can be sent emails that appear to come from senior management and ask them to donate to a specific charity. If the employees don’t double-check and make the donations, they will be handing their money to the scammer who sent the phishing mail.
What is whale phishing?
There is a strong relationship between phishing and whale phishing. In fact, whale phishing is a targeted form of phishing whose objective is to steal sensitive information that belongs to a company. Here, the hackers are interested in getting the personal information of employees or their financial information. They do it for malicious reasons.
Usually, the whale phishing attacks target the company’s senior management, who have access to all the information that scammers are looking for. In other words, CEOs, CFOs, and other top-level executives become victims of phishing whaling attempts.
This type of phishing attack is known as whaling due to the nature of its targets. In other words, the people engaged in whale phishing are continuously looking for whales to target with their campaigns. They pay careful attention when selecting the whales as well. That’s because they want to make sure that they get the best possible results out of their whale phishing efforts.
Are whale phishing attacks successful?
Yes, there is a high rate of success linked with whale phishing attacks. That’s mainly because the people who send out whale phishing emails take great care to make the fraudulent emails look like they originate from trusted sources. Due to this reason, the whales go ahead and open the emails without thinking twice. They realize that they have become victims of a whale phishing attack only after their sensitive information is stolen.
The websites and emails that are being used for whale phishing are extremely personalized. This is another prominent reason behind the high rate of success linked with them. They include the names, basic details, and job titles of the whales as well. Hence, the communications appear legitimate. It has also been identified that the attackers are spoofing email addresses and using real-looking corporate logos to make the attacks look like they are coming from trusted sources, such as banks, business partners, and government agencies.
The whale phishing attacks are somewhat difficult to identify when compared to traditional phishing attacks. That’s mainly because the whale phishing emails are extremely personalized. Moreover, those emails are sent only to a few selected targets or whales. If you look at the whale phishing examples, you will figure out how they are being done.
Usually, the people who carry out whale phishing use social engineering to get more information about their targets. Once all essential information is gathered, they go ahead with the attacks. Some of them use attachments or hyperlinks to infect the victims with malware. On the other hand, some use attachments or hyperlinks to gain access to their social information. Both these methods can cause the targets a lot of hassle and frustration in the long run.
Whale phishing gives the hackers the opportunity to get their hands on extremely high gains. Hence, they don’t think twice before they spend a great deal of time and effort on social engineering. It provides them with a lot of opportunities to consider in the long run as well. The attackers also use social media accounts, such as LinkedIn, Twitter, and Facebook, to get hold of the information that they need. Some of the useful details extracted from these social media networks include names of coworkers, job details, and company information. The more information they gather, the more likely their whale phishing attacks are to succeed.
Examples of phishing whaling attacks
It is possible to find many different instances to point out as examples of phishing whaling attacks. If you look at all these examples, you will notice that they are quite difficult to detect as scams. When you look at , you can easily figure out why it is.
Back in the year 2016, Snapchat became a victim of a whale phishing attack. As you already know, Snapchat is one of the most popular social media platforms. One of the highly ranked employees at Snapchat was sent an email impersonating the company’s CEO. This email asked him to expose all the employee payroll related information. Since the email looked legitimate, the executive decided to share information with the scammer without thinking twice. It was a big blow for all the employees who were working for Snapchat. This incident was later reported to the FBI as well. To minimize the negative consequences created as a result of the incident, all the affected employees were provided with identity theft insurance for a period of two years.
A similar incident took place at Seagate during 2016 as well. The phishing whaling emails were sent to both current employees and previous employees of the company. This email was related to W-2 forms. More than 10,000 employees were affected by this. As a result, a lot of employees lost thousands of dollars to the scam.
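Both incidents follow the same pattern: an email that appears to come from an executive and asks for payroll or W-2 data. The following check is an added example, not part of the original article, showing how a mail filter could flag that pattern from headers and body text; the corporate domain, executive names, keyword list and sample message are all hypothetical.

```python
import email
from email import policy
from email.utils import parseaddr

# Hypothetical values for this sketch: adjust to your own organisation.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
SENSITIVE_TERMS = ("payroll", "w-2", "w2", "wire transfer")

# Constructed sample message (not a real email).
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mailbox.example.net
Subject: Urgent: employee W-2 forms

Please send me the W-2 forms for all staff today.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def whaling_indicators(raw_message):
    """Return sorted reasons a message resembles executive impersonation."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    reasons, external = set(), domain != CORP_DOMAIN
    if external and name.strip().lower() in EXECUTIVES:
        reasons.add("executive display name on external address")
    if external and 0 < edit_distance(domain, CORP_DOMAIN) <= 2:
        reasons.add("lookalike sender domain")
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        reasons.add("Reply-To domain differs from From domain")
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if any(term in text for term in SENSITIVE_TERMS):
        reasons.add("requests payroll or tax data")
    return sorted(reasons)
```

A message that trips several of these indicators at once is a candidate for quarantine or for out-of-band confirmation with the supposed sender before anyone replies.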