Directive Blogs
Business Executives are Targeted with Whaling Scams
Even if you are using the best antivirus software available, sensitive company data can still be compromised by users falling victim to phishing scams. Phishing is a tactic where scammers trick users into giving out their personal information, usually through deceptive spam e-mails. Looking to fry bigger fish, scammers are trying their luck at whaling.
Whaling is a scam that specifically targets high level business executives. Why use a phishing net to catch a few small fish when you can use a harpoon and catch a large whale? Business executives are valuable targets because they are accountable for the most sensitive of company information. A whaling scam is designed to trick an executive into filling out forms that can lead to identity theft. Whaling can also be used to gain control of an executive's PC to steal passwords and confidential company information.
What makes whaling so effective is that it is less obvious than a generic spam message. With whaling, a scammer will craft a personalized message to the executive using references and names that will make the con believable (details like names of family members, schools attended, hobbies, etc.). In order to get ahold of a target's personal information, a scammer will mine many different resources on the internet and even rummage through physical garbage. It is also believed that scammers work together and buy executive's online profiles from each other. Scammers put a lot of work into a single message, all in an attempt to make the message as believable as possible.
While e-mail is often used in whaling, it is not the only harpoon in the tackle box. Scammers also like to use phone calls where they pretend to represent the company from a different office, or a vendor that needs more information regarding a contract. Scammers who use phone calls for whaling spend lots of time doing their homework to learn personal information and company culture; they may even have a script prepared. Many scammers view this as a challenging game. There are even legal competitions where phone scammers will get together, pick a company, and see who is the fastest at extracting sensitive corporate information from executives.
Falling for a scam like phishing and whaling typically finds its way around antivirus software and firewalls because victims are tricked into granting permission to download the malicious code onto their network. Educating yourself and your employees about these potential threats and what to look for is your best defense. A strong network security solution still plays a vital role in protecting your company's network from security threats like phishing and whaling, especially if downloading a known malware is part of the scam.
Directive wants to help protect you from all scams and viruses. We can outfit your business with a strong network security solution like a Unified Threat Management tool, and help educate you and your employees on what to look for in a scam. Don't get harpooned, call Directive at 607.433.2200.