Getting Harpooned by a Whale Will Not Make Your Day
Let ProtectIQ help you keep the whales in the ocean and out of your emails
Whaling is a type of scam aimed at getting you to transfer money or send sensitive information to a hacker acting as a trusted source via email. Whaling is extremely easy to fall for and can result in significant financial losses to you. Whaling can also be much easier to fall for than your typical phishing attack and has the potential to be much more destructive.
Whereas phishing scams target non-specific individuals and spear-phishing targets particular individuals, whaling doubles down on the latter by not only targeting those key individuals but doing so in a way that the fraudulent communications they are sent appear to have come from someone specifically senior or influential at their organization. Think of them as “big phish” or “whales” at the company, such as the CEO or finance manager. This adds an extra element of social engineering into the mix, with staff reluctant to refuse a request from someone they deem to be important.
The threat is very real and growing all the time. The payroll department at Snapchat received a whaling email seemingly sent from the CEO asking for employee payroll information. Last year, toy giant Mattel fell victim to a whaling attack after a top finance executive received an email requesting a money transfer from a fraudster impersonating the new CEO. The company almost lost $3 million as a result.
These whaling e-mails can be difficult to catch because they appear to be harmless, and have a normal, friendly tone and no links or attachments. They will appear to come from a high-level official at the company, typically the CEO or CFO, and often ask you to disclose sensitive information or initiate a wire transfer. Here are a few things to watch out for in a typical whaling attempt:
- Doppelganger: Whalers may utilize fake e-mail domains that look similar to a domain you know. Watch out for things like: email@variation-on-company-domain.
- A hurried tone: Whalers will often ask you to send money immediately, stating that they’re busy or in a meeting, and can’t do it themselves.
- E-mail only: Since whaling relies on impersonating someone via a fake, yet similar email address, they will ask you not to call with questions and only reply through e-mail.
If you receive an e-mail that you suspect to be a whaling attempt, or if you are unsure of an e-mail’s legitimacy, please do not respond. Remember, in general, no one from companies you do business with will ever request personal information, usernames, passwords, or money from you via email.
Cumberland Connect subscribers can add a secret weapon to their cybersecurity arsenal: ProtectIQ Network Security. With ProtectIQ™, you can have an extra layer of network-level security that helps protect all devices connected to your network. It leverages a large cloud database of known virus and ransomware threats. By looking for the specific signatures of these threats in real-time, ProtectIQ can terminate the transfer of data before a malicious payload is delivered to any vulnerable devices in the network. As new threats are emerging daily, the threat database is continuously updated to offer protection against the latest threats.
ProtectIQ is a network-level security application, included in the Peace of Mind Package, that works quietly in the background and proactively helps keep malicious websites, viruses, and intrusion away from your home 24/7/365. Learn more about ProtectIQ and the other great benefits of enrolling in the Peace of Mind Package by clicking here.
We want you to have an awesome experience online — and that means keeping your personal information safe and protected! We hope that spreading awareness and sharing these safety tips helps you stay safe online — and be sure to check out our blog to read more about common online scams to watch out for.
*ProtectIQ is not a replacement for traditional antivirus software, but rather, works together with your antivirus software by ensuring that Internet-connected devices like video cameras, Smart TVs, home automation systems, video doorbells, or any other “smart” devices in your home are monitored for web threats and intrusions. While ProtectIQ adds an extra layer of security to your Wi-Fi network, ProtectIQ is not a substitute for antivirus software, and our team recommends keeping anti-virus software as an add-on to ProtectIQ as it can help clean up any systems that are infected.
Sources: Calix
