Check Point Email Security | Blog

What is a Whaling Attack?

Written by Jeremy Fuchs | January 11, 2022

A whaling attack is a form of spear phishing attack, where the cyber threat actor researches and tailors their attack to a particular target. In the case of whaling, the target is a high-level executive or other important person within the organization. Often, these attacks are designed to convince the target to use their power and authority to take some action that benefits the attacker, such as ordering a wire transfer to the target’s account.

Whaling attacks are similar to business email compromise (BEC) attacks in that they both involve executives. However, BEC attackers masquerade as high-level executives, while whaling attacks target them. The attacks are otherwise identical, intending to have an employee take some action on the perceived orders of an executive.

How Does Whaling Attack Work?

As a form of spear phishing, whaling attacks need to be tailored to their particular target. This is one of the reasons why high-level managers or executives are the targets of these attacks. These individuals commonly have public personas associated with their company that enables cyber threat actors to perform reconnaissance and learn the necessary details required to make their attacks plausible. Also, the role of these individuals within an organization means that they have the authority or access required to achieve the attacker’s goals, such as stealing protected information or money from the organization.

Whaling attacks commonly involve the attacker masquerading as someone that the target has business dealings with. This could be another high-level executive within the company (making the attack both a BEC and whaling attack), a vendor, or a strategic partner. The attacker will communicate with the target via a medium that the two parties commonly communicate over, such as email.

Whaling attacks work because the attacker builds a pretext that makes it logical for the target to do what the attacker wants. For example, the attacker may masquerade as an existing or potential vendor that needs payment for an outstanding invoice or to close a deal. Alternatively, the attacker may masquerade as the CEO requesting employee data from the head of HR. If the target complies, the money or data is sent to the attacker.

What Is the Difference Between Whaling and Phishing?

Whaling attacks are a type of phishing attack or, more specifically, a spear phishing attack. In both phishing and whaling, an attacker uses trickery, psychological manipulation, and other techniques to convince someone to do something in the attacker’s best interests. While these attacks typically occur over email, they can be performed over any communications medium, including SMS messages, corporate collaboration apps like Slack and Microsoft Teams, and social media.

The main difference between whaling and phishing is the target of the attack. A whaling attack specifically targets a particular high-level executive, while a phishing attack can target anyone.

Types of Whaling Scams

Whaling attacks can be designed to accomplish a variety of goals. Some common examples of whaling scams include:

  • Data Exposure: Whaling attacks may be designed to steal sensitive information about an organization, its employees, or its customers. An attack against Seagate resulted in the exposure of the W2 forms of 10,000 of the company’s employees, which could be used for identity theft and other fraud.
  • Financial Theft: Whaling emails commonly use fake unpaid invoices and other pretexts to steal money from a company. An attack against FACC resulted in the theft of $58 million and the firing of the aerospace company’s CEO and CFO.
  • Malware Delivery: A company’s high-level executives are ideal targets for malware attacks. Cybercriminals may use whaling to trick executives into clicking on a malicious attachment that infects their computer with malware.

How To Prevent Whaling Attacks

Whaling attacks are a significant and expensive threat to an organization. Some ways to protect against these attacks include:

  • Flagging External Emails: Whaling attacks commonly come from email accounts from outside but pretend to be internal. Flagging emails from external sources can help to highlight these attacks and make them easier to detect.
  • Antivirus and Antimalware: Whaling attacks are commonly designed to install malware on a high-level executive’s computer. Ensuring that antivirus and antimalware protection are installed and kept up-to-date is essential to protecting against these attacks.
  • Separation of Duties: Whaling is often designed to influence the target to send money or sensitive information to an attacker. Processes and procedures should be designed so that any such request requires validation by multiple parties to minimize the chances of the attack succeeding.
  • Email Security Solutions: Whaling attacks commonly are performed over email and use a variety of techniques to appear legitimate and trick their targets. Email security solutions can detect warning signs of a whaling attack and block malicious emails from reaching the target inbox.

Check Point and Avanan have developed an email security solution that detects whaling and other phishing techniques and provides strong protection against a range of email-based attacks. To learn more about how Check Point’s email security solution can help protect your organization against whaling attacks, you’re welcome to sign up for a free demo.
View full post