What is a whaling attack?

Acronis
Acronis Cyber Protect
formerly Acronis Cyber Backup

A whaling attack is a type of spear phishing attack targeting high-profile employees and C-suite executives. This type of threat is built on the same premises and strategies as phishing attacks, instead of casting a wide net to ensnare almost any user, cybercriminals use whaling attacks to catch the biggest “fish” possible (thus the use of the term “whale”). If successful, whaling attacks can have serious consequences for victims and their organizations.

How does a whaling attack work?

Whaling attacks involve the use of phishing emails. However, these emails tend to be more advanced than standard phishing messages because the attacker usually invests more time attempting to make the email look completely legitimate. Whaling emails tend to:

·         Contain personalized information. Whaling emails usually include information about the recipient and their organization.

·         Appear urgent. A whaling email can include terms and phrases that indicate the recipient must act quickly and respond to the sender's message right away.

·         Are crafted in a reader-friendly tone and style. This helps them appear similar to other messages in the recipient's inbox.

In the early stages, cybercriminals gather as much information as they can about a potential victim. They use social media, official bios, press releases, blog articles and other sources to learn about the individual and they company they work for.

Using this information, the attacker can devise a strategy that best suits their purposes. This could include impersonating a customer, a trusted partner or even another senior executive at the company. Unlike “spray and pray” phishing campaigns that target a wide audience — and are noticeable for their low quality and lack of attention to detail — whaling attacks are carefully constructed to hook and land the biggest target possible.

In most whaling attacks, a cybercriminal will send a whaling email to one or more employees within an organization. The hacker may pretend to be a senior leader who is requesting information from a worker or asking him / her to follow certain directions. The email could request that the employee share sensitive information, download a malicious attachment, or even transfer funds to the cybercriminal’s bank account.

If the whaling attack is successful, cybercriminals can do real damage: access even more confidential information in the organization, exfiltrate sensitive data, lurk inside the network to plan a larger event in the future, or even launch malware or ransomware.

What is the difference between phishing, spear phishing, and whaling cyberattacks?

Phishing, spear phishing, and whaling attacks are similar in that they use similar approaches to attempt to trick unwitting targets. They also share another common trait: They can cause major problems for organizations of all sizes and across industries.

Yet they are different enough that it may help to quickly describe each type of attack:

·         Phishing is a general term that describes cyberattacks in which a hacker attempts to trick an end user into compromising data. A cybercriminal can launch a phishing attack against large groups of people, including private consumers or corporate employees.

·         Spear phishing is a type of phishing attack where a cybercriminal identifies a specific victim or groups of victims. As the name implies, spear fishing is a much more targeted approach (e.g., the point of a spear versus a wide net).

·         Whaling attacks are a type of spear fishing attack, but one that aims at a select group of senior leaders or executives.

How to protect against whaling attacks

1. Educate your employees

Teach your employees about whaling attacks and the risks associated with them. This requires you to develop and implement a cybersecurity awareness training program — one that especially focuses on phishing tactics and how to identify and avoid them.

2. Keep an eye out for suspicious emails

Encourage senior executives and employees to watch for, and be suspicious of, emails from unknown senders. For example, they should carefully review the sender’s email address and also look for other red flags, such as for different font sizes, skewed or pixelated logos, and misspelled words or other errors. As much as cybercriminals attempt to create high quality messages, they may still make these common mistakes.

3. Establish whaling attack prevention protocols

Require multiple levels of verification before responding to an email that appears to be from a senior leader. For example, an organization can require its employees to call their superior if they receive a request to share sensitive information via email. This additional step minimizes the risk that a worker will inadvertently expose an organization's sensitive data in a whaling attack.

Phishing attack statistics you need to know

Today's organizations are increasingly susceptible to phishing attacks, which is reflected in the following statistics:

·         Approximately 25% of all data breaches involve phishing.

·         Phishing was the most prevalent threat in the United States in 2020, and there were over 241,000 reported phishing victims during this period. 

·         Nearly 20% of all employees are likely to click on a phishing email link; among these individuals, 68% enter their credentials on a phishing website.

Do not expect phishing attacks to subside in the foreseeable future. Cybercriminals are constantly looking for new phishing attack methods and techniques. They look poised to explore new ways to attack organizations via phishing — and organizations must plan accordingly.

Why do whaling attacks work, and why are they so successful?

1. Cybercriminals do their homework before they launch whaling attacks.

Organizations can invest significant time, energy, and resources to optimize their security posture. Much in the same vein, cybercriminals frequently research potential whaling attack victims, and seek to learn as much as they can about potential victims prior to a cyberattack. That way, a cybercriminal can tailor an attack to their victim and increase the likelihood of success.

2. Whaling attack victims are urged to take immediate action.

Getting an email from a senior executive can be exciting. At the same time, the email can blind an employee to the fact that the email sender is requesting access to sensitive information about their organization. Thus, an employee can receive an email and believe a senior executive wants him or her to instantly respond to their request. This urgency can lead the worker to make a poor decision and accidently expose their organization's sensitive data. 3. Employees may believe they are immune to phishing attacks.  Phishing attacks are global problems. They occur every day, but employees may try to ignore them. In these instances, workers may be prone to open malicious email attachments — particularly those that appear to come from senior executives within their organization.

The bottom line on whaling attacks and how to guard against them

Whaling attacks can wreak havoc on your organization, but fortunately, with proper education, your senior leaders and employees can minimize their impact.

If you want to guard against whaling attacks, initiate a cybersecurity awareness training program. You can use the program to educate your workforce about whaling and other forms of phishing. Moreover, it lets you share cyber protection tips and insights and ensure your workers can address cyberattacks before they escalate.

Along with cybersecurity awareness training, it pays to invest in all-in-one cyber protection. With Acronis Cyber Protect (includes Acronis Cyber Backup), you get best-in-class protection against whaling and other advanced cyberattacks across your organization.

Acronis Cyber Protect (includes Acronis Cyber Backup) combines data protection and security. It empowers organizations to quickly and easily identify and mitigate cyberthreats. Plus, Acronis Cyber Protect (includes Acronis Cyber Backup) delivers end-to-end cyber protection and ensures your organization is safe against current and emerging cyberthreats.

We encourage you to try Acronis Cyber Protect (includes Acronis Cyber Backup) today — click here for a free 30-day trial.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.