Significant hike in 'whaling' attacks suffered by organisations
Businesses are experiencing a significantly higher number of fraudulent attacks commonly known as ‘whaling’ attacks, with a new report finding that more than half of organisations report exposure to such tactics.
55 per cent of firms told security provider Mimecast that a senior member of the finance team had received an email claiming to be from the company’s CEO, which attempted to con staff into transferring large sums of money out of the company’s accounts.
Such attacks – referred to as ‘whaling’ – have spiked over the last three months, according to a poll of approximately 400 IT professionals in the UK, US, South Africa and Australia.
The majority of whaling emails purport to come from the CEO, with 72 per cent making such claims, while 35 per cent attempt to convince recipients that they are the firm’s CFO.
The most popular attack method was domain spoofing, which accounted for 70 per cent of all whaling attacks. The second most popular method, domain squatting, constituted only 16 per cent of attacks.
A quarter of all attacks came from Gmail accounts while Yahoo and Hotmail proved far less popular, with eight per cent of attacks originating from each service.
“Whaling has become an effective malware-less threat for enterprises. The cost of getting it wrong and falling foul of the social engineering can be significant,” said Mimecast cyber security strategist, Orlando Scott-Cowley.
He advised firms to ensure that their staff were aware of the threat and verified requests before carrying them out. He also said that IT managers should make sure email systems picked up on messages arriving from outside the company with suspicious-looking content.
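As an added illustration (not part of the Mimecast report), the kind of mail-gateway check described above can be sketched in Python: it flags inbound messages that pair a payment request with one of the impersonation patterns the survey names. The organisation domain, executive names, keyword list and similarity threshold are assumptions, as is a gateway that writes its own trusted `Authentication-Results` header.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own organisation's data.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}              # CEO / CFO display names
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
PAYMENT_WORDS = ("wire", "transfer", "payment", "invoice")

def whaling_flags(raw: str) -> list[str]:
    """Return the reasons an inbound message looks like executive impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "").lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    flags = []
    if domain == ORG_DOMAIN:
        # Domain spoofing: our own domain in From, but the gateway's checks failed.
        if "dmarc=fail" in auth or "spf=fail" in auth:
            flags.append("spoofed-own-domain")
    else:
        # Domain squatting: a sender domain that is nearly, but not exactly, ours.
        if difflib.SequenceMatcher(None, domain, ORG_DOMAIN).ratio() >= 0.85:
            flags.append("lookalike-domain")
        # Executive display name on an outside address (webmail is called out).
        if name.lower() in EXECUTIVES:
            flags.append("exec-name-freemail" if domain in FREEMAIL
                         else "exec-name-external")
    if any(word in text for word in PAYMENT_WORDS):
        flags.append("payment-request")
    return flags

def is_suspicious(raw: str) -> bool:
    """Hold for review when an identity signal coincides with a payment request."""
    flags = whaling_flags(raw)
    return "payment-request" in flags and len(flags) > 1

# Constructed sample messages (not real traffic).
SPOOFED = ('From: "Jane Doe" <jane.doe@example.com>\n'
           "Authentication-Results: mx.example.com; dmarc=fail\n"
           "Subject: Urgent\n\nPlease wire 40,000 today.")
SQUATTED = ("From: Jane Doe <jane.doe@examp1e.com>\n"
            "Subject: Invoice\n\nSend the payment before noon.")
WEBMAIL = ("From: Sam Lee <sam.lee.office@gmail.com>\n"
           "Subject: Quick favour\n\nNeed a transfer made quietly.")
GENUINE = ('From: "Jane Doe" <jane.doe@example.com>\n'
           "Authentication-Results: mx.example.com; dmarc=pass\n"
           "Subject: Board meeting\n\nAgenda attached.")
```

A flagged message is a candidate for quarantine or a warning banner; the verification step by staff still applies to anything that gets through.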