Social engineering attacks: What is a whaling attack?

Darren Craig / November 16, 2021 / Cyber insurance

In 2016, Austrian aerospace supplier FACC fell victim to a whaling attack in which fraudsters impersonating CEO Walter Stephan persuaded finance staff to authorise transfers that cost the company over $56 million.

In the same year, a Seagate employee acted on an email posing as a company executive and sent out employees' W-2 forms. Over 10,000 current and former Seagate workers had sensitive information, including their income tax data, exposed to fraud and identity theft.

These incidents show how dangerous whaling attacks are: a single convincing email can do immense damage to revenue, business reputation, and employees' personal data. Unfortunately, the frequency of these attacks is increasing.

Industry reporting puts the rise in whaling attacks at 131% from 2020 to 2021, with losses to organisations of over $1.8 billion.

As whaling attacks become more frequent, developing effective cybersecurity measures to prevent these attacks is crucial for business reputation, revenue, and employee safety. 

Why are whaling attacks happening so frequently?

Like other social engineering attacks, whaling relies on a spoofed or lookalike email that appears to come from a source the target trusts, such as a colleague, a board member or a supplier. The objective is to get the recipient to move money out of the company or hand over sensitive information.

Despite the superficial similarities, whaling differs from bulk phishing and ordinary spear phishing. Bulk phishing sends the same lure to thousands of employees at once; whaling is a form of spear phishing aimed at a single high-value individual, typically a senior executive such as the CEO or CFO, or at the staff who act on that executive's instructions.

This distinction matters because it explains why whaling succeeds so often. Instead of relying on volume, the attacker invests time in making one impersonation as targeted and convincing as possible.

They search social media for contact information, learn company email address structures, study email signatures, gather company information on third-party vendors, and obtain other important details to plan a whaling email attack that reads like an authentic message.

Given the specificity of the email, high-level targets are more likely to be duped, which leads to them sharing information with cybercriminals.  

With most organisations working remotely during the pandemic, high-level executives are also more dependent on digital communication channels to conduct business, which makes social engineering attacks a popular attack method during this time.

What are the best practices for reducing whaling cyberattacks? 

Preventing whaling emails is challenging because they mirror genuine emails, but there are effective measures that can improve security and mitigate the damage from a malicious email. 

First, it is important to note that whaling cyberattacks are social engineering attacks, meaning that security measures to block phishing can apply here as well. 

Investing in training for senior staff to identify spoof emails will help reduce whaling incidents. In addition to raising awareness, consider improving email verification protocols. 

Publishing SPF, DKIM and DMARC records for your domains lets receiving mail servers reject messages that forge your own domain, and configuring the mail gateway to tag messages from outside the organisation makes an external sender visible to the reader. Two caveats apply: DNSSEC protects the integrity of those DNS records rather than authenticating mail itself, and none of these controls stop an attacker who registers a lookalike domain, which will pass SPF, DKIM and DMARC for itself. A DMARC policy of p=none only reports; move it to quarantine or reject once your legitimate mail flows are known to align. Data protection software that can detect data leaks and secure credentials is also recommended as an extra layer of protection.
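The checks a mail gateway or a triage analyst would run on a suspected whaling email, as an added example that is not code from the original article: it evaluates DMARC alignment from the Authentication-Results header an inbound gateway adds, and then applies the checks that still catch a message DMARC lets through (external sender, lookalike domain, executive display name on the wrong address, diverted Reply-To). The domain example.com, the executive "Jane Doe" and the three sample messages are constructed for the example; the organisational-domain and lookalike heuristics are deliberately simple assumptions, not a production implementation.

```python
"""Triage checks for a suspected whaling email (added example, constructed data)."""
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                          # assumption: protected organisation
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumption: CEO's real mailbox
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def org_domain(domain: str) -> str:
    """Reduce to the organisational domain for DMARC relaxed alignment.
    Keeps the last two labels; real code should consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_auth_results(header: str) -> dict:
    """Extract SPF and DKIM verdicts plus the domain each verdict applies to
    from an Authentication-Results header (RFC 8601)."""
    auth = {}
    spf = re.search(r"\bspf=(\w+)", header)
    if spf:
        dom = re.search(r"smtp\.mailfrom=(?:[^@;\s]+@)?([\w.-]+)", header)
        auth["spf"] = (spf.group(1).lower(), dom.group(1).lower() if dom else "")
    dkim = re.search(r"\bdkim=(\w+)", header)
    if dkim:
        dom = re.search(r"header\.d=([\w.-]+)", header)
        auth["dkim"] = (dkim.group(1).lower(), dom.group(1).lower() if dom else "")
    return auth


def dmarc_aligned(from_domain: str, auth: dict) -> bool:
    """DMARC passes when SPF or DKIM passed AND the authenticated domain aligns
    (relaxed mode) with the domain shown in the From header."""
    return any(
        verdict == "pass" and dom and org_domain(dom) == org_domain(from_domain)
        for verdict, dom in auth.values()
    )


def lookalike(domain: str) -> bool:
    """Crude lookalike test: swap digit confusables, then look for our name inside
    the candidate or a near-identical string (examp1e-corp.com, exarnple.com)."""
    cand = org_domain(domain).translate(CONFUSABLES)
    if cand == OUR_DOMAIN:
        return True
    return (OUR_DOMAIN.split(".")[0] in cand
            or SequenceMatcher(None, cand, OUR_DOMAIN).ratio() >= 0.8)


def triage(raw: str) -> dict:
    """Return {finding: detail} for one raw RFC 5322 message; empty means clean."""
    msg = message_from_string(raw)
    findings = {}
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    auth = parse_auth_results(msg.get("Authentication-Results", ""))

    if not dmarc_aligned(from_domain, auth):
        findings["dmarc-fail"] = f"no aligned SPF/DKIM pass for {from_domain}"
    if from_domain and org_domain(from_domain) != OUR_DOMAIN:
        findings["external-sender"] = addr            # what an external-mail tag shows
        if lookalike(from_domain):
            findings["lookalike-domain"] = from_domain
    real = EXECUTIVES.get(display.strip().lower())
    if real and addr.lower() != real:                 # CEO's name, someone else's mailbox
        findings["display-name-spoof"] = f"{display!r} but address is {addr}"
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower(): # replies diverted to the attacker
        findings["reply-to-mismatch"] = reply_to
    return findings


# Constructed samples. LOOKALIKE authenticates cleanly: SPF and DKIM pass for the
# attacker's own domain, so DMARC is satisfied and only the other checks catch it.
LOOKALIKE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e-corp.com; dkim=pass header.d=examp1e-corp.com
From: "Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: <ceo.office@mail-relay.example.net>
To: finance@example.com
Subject: Urgent wire for acquisition - confidential

Please process the transfer today and keep this between us.
"""
# Direct forgery of our own domain: the case SPF/DKIM/DMARC actually stop.
SPOOFED = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none
From: "Jane Doe" <jane.doe@example.com>
To: finance@example.com
Subject: Re: payment

Approve now.
"""
GENUINE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Jane Doe" <jane.doe@example.com>
To: finance@example.com
Subject: Board pack

Attached as discussed.
"""

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)]:
        print(name, triage(raw))
```

The point the three samples make is the one the paragraph above hedges on: the forged-domain message fails DMARC and can be rejected at the gateway, but the lookalike-domain message passes every authentication check, and only the external-sender tag, the display-name comparison and the Reply-To mismatch reveal it. Those last checks are cheap to run and worth wiring into the gateway or the SOC's triage tooling alongside DMARC.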

In addition to security measures, it is also best to establish protocols to verify specific processes. This ensures that no employee, not even senior executives, can perform certain functions without verification through another channel. 

High-ranking executives read hundreds of emails every day, so a secondary verification step, such as a call-back to a known number before any payment or data release, ensures that no lasting damage is done even if the executive misses the signs of a whaling email.

Finally, improve vendor security. A whaling email does not have to impersonate your own domain: if a vendor handles your sensitive information or invoices, attackers can compromise or impersonate the vendor's mailboxes and reach your staff through a channel they already trust. A vendor risk management programme gives you greater control over who has access to your data and what they may do with it.

Preventing whaling cyberattacks and creating a secure environment

Whaling cyberattacks will become more prominent in the future because senior executives are such lucrative targets for cybercriminals.

To prevent costly damages and protect your business reputation, you need to expand cybersecurity measures and invest in additional verification processes that can protect your business from whaling email attacks. 

Expanding your cybersecurity mechanisms to authenticate and verify business email may be a critical investment in the years to come.