A Whaling attack is a specific type of phishing attack that targets high-profile employees, such as the Chief Executive Officer or Chief Financial Officer, in order to steal sensitive information from a company.
In many whaling phishing attacks, the attacker’s goal is to manipulate the victim into authorising high-value wire transfers to the attacker.
For example, the attackers may send the victim an email, often incorporating the target’s name, job title or other relevant information, collected through various sources to appear to be genuine.
To minimise the possibility of being a victim of such techniques:
- Use a spam filter which will block the majority of unsolicited emails from ever making it to your inbox;
- Always verify the email address of the sender – not just the sender’s name;
- If you receive an email from a person you know but the content of the email seems suspicious, do not reply. Contact that person separately;
- Do not open any attachments from senders you don’t know or are not expecting;
- Do not click any links before verifying where the link will take you;
- Never provide sensitive information on a website unless you are sure that the website is a legitimate one and has legitimate reasons to ask for such information;
- Train your staff in how to recognise common impersonation tactics.
- Make sure you are not redirected – i.e. you are unknowingly taken to a different website which has an identical design to the one you are expecting;
As part of the Cyber Security Malta, Tech.mt collaborates with the Malta Information Technology Agency (MITA) and the Malta Digital Innovation Authority (MDIA) to deliver educational video episodes about Security in the Digital Economy towards a safer future.