By targeting low-level employees, scammers can gain general access to a business’s inner workings. But if that scammer instead chooses to target high-level executives, they would gain complete top-down access to an entire business’s operations.
A whaling attack is a targeted attempt to steal sensitive information from a company, such as financial information or personal details about employees, typically for malicious reasons. A whaling attack specifically targets senior managers who hold power in companies, such as the CEO, CFO, or other executives who have complete access to sensitive data.
The attack is called “whaling” because of the size of the targets relative to those of typical phishing attacks. The “whales” are carefully chosen because of their authority and access within the company. The goal of a whaling attack is to trick an executive into revealing personal or corporate data, often through email and website spoofing.
Sending malicious emails hasn’t changed, but the end target has. As they say, “go big or go home,” and that’s exactly what scammers are now doing.
Here are tips to prevent and prepare for potential whaling attacks:
+ Be wary of short, generic messages. Scammers won’t write a long email; they’ll try to pass off something short and generic as harmless, hoping you’ll click quickly without thinking.
+ Double-check before clicking or downloading. A mouse click is all it takes to inadvertently grant access to your computer, accounts, and information, or, worse yet, unleash malware on your systems.
+ Think about how you share. Never send sensitive, personal, or proprietary information via email regardless of who’s asking you for it.
+ Watch out for emails to groups. Sending a malicious email “from the CEO” to a staff or employee email list is the fastest way for a scammer to attack and affect an entire business.
+ Report it to Scam Tracker. This free resource provides a place to research and submit scam-related information so BBB can investigate and educate consumers further.