Internet phishers are transforming, adopting more focused and more systematic forms of cyber attack. For the same reason, the terms whaling and spear phishing have become fairly common in the cyber security world.
How about some time travel to dig into the roots of these terms?
Yeah. Let’s proceed.
It was in the mid 90's that a new type of email scam, "phishing", bewildered the internet world. For almost two decades since (and still continuing), it has been a favorite method used by fraudsters to get hold of sensitive information.
As the cyber world advanced over the years, the nature and volume of phishing changed too. Spear phishing came first. It has been around for a long time, and its inception is closely tied to the rise of social engineering channels. It can be simply defined as "email spoofing that targets a particular organization or individual for financial benefit or to access corporate or personal information".
Norton describes spear phishing like this.
“The spear fisher thrives on familiarity. He knows your name, your email address, and at least a little about you.”
In January 2015, Charles Harvey Eccleston, a former employee of the U.S. Department of Energy, was accused of attempting to send spear phishing emails to many of his colleagues. All of those emails were embedded with malicious programs. The systems Eccleston targeted contained a great deal of sensitive information. Eventually, the case grew to the level of a federal crime.
Below, you can see a sample spear phishing email.
Now whaling. Perhaps it'd be better to look to casino "whaling" rather than sea whaling for the origin of this term. In gambling, high-stakes rollers are generally known as whalers or, more simply, big fish.
Whaling is somewhat similar to spear phishing in its "targeted" nature, but whaling's targeting is more specific: the executive level. Unlike common phishers, whalers do not generally go after bank credentials or financial assets (at least, not visibly). The intention of most whaling attacks is to get the target to divulge confidential company information.
Why does whaling need to be taken more seriously?
The content of a whaling email is hard to ignore. It might take the form of a consumer complaint, a legal subpoena or something else that looks like a credible message. The source of the email will be cleverly masqueraded as a legitimate business authority. It may contain malicious attachments or links to destructive pages.
Whaling Attacks: The Beginning
Perhaps the first reported whaling incident was the 2008 FBI subpoena whaling scam. About 20,000 corporate CEOs were attacked in this planned strike. Of these CEOs, about 2,000 executives were induced to open the whaling link. As a result, a keylogger was installed on the victims' machines, and it easily captured their passwords. Many of their companies faced repeated hacking incidents after this.
Here's a whaling incident that happened in 2010. After researching the family background of a system admin, an attacker sent him an email about a discount on a premium health care plan intended for large families. Since the admin had five kids, he saw nothing wrong in opening the form attached to the mail. But there was malware embedded within the form. This allowed the attacker to intrude into the admin's corporate network and access sensitive information with ease.
Current Scenario of Whaling Attacks
Mimecast, one of the top email security providers, conducted a research study in December 2015. Its results were a warning of heightened whaling threats.
These are the results:
- Within the last three months, the volume of whaling attacks has increased by 55%.
- The most popular type of whaling attack is domain spoofing (70%), while the least common is top-level domain squatting (16%).
- 72% of whaling attacks pretend to come from the CEO.
- Gmail accounts (25%) are preferred by whalers; Yahoo (8%) and Hotmail (8%) are also in use.
Feasible Solutions a Company Can Take to Safeguard Against Whaling and Spear Phishing Attacks
- Awareness to action: senior-level executives of a company should be aware of the specifics of this attack and its possible consequences.
- Client certificates: verify the authenticity of incoming emails by examining client certificates.
- DNS alerts: you can opt for a DNS alerting service to learn when somebody registers a domain that closely resembles your corporate domain. If possible, consider registering your company's name under all the available TLDs.
- Email filtering: set up an email filtering system for your company so that emails sent from look-alike domains are flagged.
- Mock tests: carry out mock whaling attacks within your organization. It's useful for seeing how vulnerable your company is.
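As an added illustration of the DNS-alert and email-filtering items above (example code written for this article, not a tool from Mimecast or any other vendor mentioned here), the following Python script flags incoming messages whose sender domain closely resembles the corporate domain, uses a different TLD for the same name, or carries an executive's display name on an external address, which are the three whaling patterns the Mimecast figures describe. The corporate domain, the executive names, the homoglyph table and the sample messages are all constructed assumptions.

```python
"""Flag e-mails from look-alike sender domains or with spoofed executive
display names.  Added example; the domain, executive names and messages
below are constructed, not taken from any real incident."""
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example-corp.com"                 # assumption: the domain we defend
EXEC_NAMES = {"jane doe", "john roe"}            # assumption: constructed executives

# Character swaps attackers use to build domains that look right at a glance
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
              ("3", "e"), ("5", "s"), ("7", "t"))


def normalize(label):
    """Lower-case a domain label and undo common homoglyph substitutions."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def levenshtein(a, b):
    """Edit distance; a small value means a typosquat of the corporate name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain):
    """Return 'internal', 'lookalike' or 'external' for a sender domain."""
    d = domain.lower().rstrip(".")
    if d == CORP_DOMAIN or d.endswith("." + CORP_DOMAIN):
        return "internal"
    if not d:
        return "external"
    if CORP_DOMAIN in d:                         # e.g. example-corp.com.evil.net
        return "lookalike"
    corp_label = CORP_DOMAIN.rsplit(".", 1)[0]   # "example-corp"
    label = d.rsplit(".", 1)[0]                  # TLD dropped, so .co vs .com still matches
    if levenshtein(normalize(label), normalize(corp_label)) <= 2:
        return "lookalike"
    return "external"


def scan_message(raw):
    """Return a list of human-readable flags for one RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    verdict = classify_domain(domain)
    flags = []
    if verdict == "lookalike":
        flags.append(f"sender domain {domain} resembles {CORP_DOMAIN}")
    if verdict != "internal" and name.strip().lower() in EXEC_NAMES:
        flags.append(f"display name '{name}' matches an executive but address is external ({domain})")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        flags.append(f"Reply-To {reply_to} points away from the From domain")
    return flags


# Constructed sample messages: one legitimate, three modelled on the patterns
# in the article (domain spoofing, CEO impersonation from webmail, TLD squatting).
SAMPLES = [
    "From: Jane Doe <jane.doe@example-corp.com>\nSubject: Q3 figures\n\nSee attached.\n",
    "From: Jane Doe <ceo@example-c0rp.com>\nSubject: Urgent wire\n\nProcess today.\n",
    "From: Jane Doe <jane.doe@gmail.com>\nSubject: Quick favour\n\nAre you at your desk?\n",
    "From: Legal <notices@example-corp.co>\nReply-To: legal-desk@outlook.com\n"
    "Subject: Subpoena\n\nOpen the attached document.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(scan_message(raw) or ["no flags"])
```

In a mail gateway this would be one rule among several rather than a verdict on its own. The edit-distance threshold of 2 is an assumption that will produce false positives for short corporate names, and domains under multi-label suffixes such as .co.uk would need a public suffix list instead of the plain rsplit used here. The same `classify_domain` check can be run against a daily feed of newly registered domains to produce the DNS alert the article recommends.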
What's your suggestion for safeguarding your company's most valuable assets? Join the discussion on Twitter with @safewithtech and @iambrianfelix.