Fraudsters targeting large companies are shifting their sights away from low-level employees and going after top-tier executives in a new round of scams that investigators are dubbing “whaling” attacks.
According to a recent article published by UPI, the term whaling comes from the fact that it is a larger version of common “phishing” scams. Phishing involves attempting to convince someone to divulge sensitive financial information.
While phishing attacks traditionally focus on rank-and-file employees, whaling has upped the stakes.
The UPI article quotes Network World Magazine: “With targeted phishing attacks on the rise, it's no surprise that cybercriminals are doing their research and aiming at those with the most to lose – executives.”
While whaling attacks have been steadily increasing, the article states that corporate security experts typically find it hard to discuss the matter with executives who consider the information sensitive.
Common whaling attacks often involve sending executives emails that appear to come from the Internal Revenue Service, Federal Trade Commission or U.S. Department of Justice, or that appear to be pro forma invoices. When the recipient clicks on the included link, they inadvertently install software that can monitor keystrokes and password information.
One of the most challenging aspects of preventing phishing and whaling is that the installed computer programs are so discreet that they are rarely flagged by operating systems or anti-virus software packages.





