You've probably come across whaling in the world of fraudsters and social manipulation. So, what is whaling? Below is one quick example scenario.
It's an ordinary day in the office. You get a friendly letter from your boss, asking you to remind them of a few passwords to the company's databases.
The IT security team has just changed them, and your CEO forgot everything after yesterday's stressful meeting. You send the passwords, happy to help a colleague. And just like that, you've just become a victim of a whaling attack.
Whaling is an attack where fraudsters pretend to be an organization's senior staff. They use these false credentials to contact other high-level employees, such as CEOs, to trick them into giving away desired data or money.
From 2020 to 2021, whaling saw an increase of nearly 130%, which is an intense spike. Whaling usually occurs over email or on social media. Reluctant to turn down a request from a trusted high-ranking colleague, the recipients fall victim to the attack.
The scammer will write an informal email or send an instant message asking the recipient to send over some confidential data. They will include the names of some colleagues and might mention a recent corporate celebration. Together, these details convince the victim to give away everything the scammer asks for.
To succeed, the scammers put a lot of effort into research. They analyze all the publicly available data about a person or organization. Sometimes they dig deeper and try to obtain private information through social engineering. Whaling does not require extensive technical knowledge, but hackers use it for incredible returns.
A whaler may analyze the social media profile of the company's CEO. They might also identify the relevant colleagues and their job titles and responsibilities in the organization.
In 2016, a scammer posed as the CEO of Snapchat by spoofing their email to gather payroll data. Snapchat is a huge company, which makes it a prime target for whaling. But companies of any size can be victims of whaling.
If a whaling attack succeeds, it can lead to significant losses:
At best, a business might lose employees. At worst, a whaling attack can cause a company to shut down.
A whaling attack usually comes in an email or phone call. If the email request seems unusual, you might have an attack on your hands. Here are some things to keep your eyes open for:
By keeping your eyes open, you take the first step in defending against a whaling attack.
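The sketch below is an added example, not NordLocker code: it screens one raw email for the signs this article describes, namely a senior colleague's name on an outside address, a spoofed company address that failed sender authentication, and a request for passwords, payroll data or payments. The executive directory, the company domain and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed inputs for illustration: a directory of senior staff and the
# organization's own mail domain (both hypothetical).
EXECUTIVES = {"dana whitfield"}
COMPANY_DOMAIN = "example.com"
SENSITIVE = re.compile(r"\b(password|payroll|wire transfer|payment)s?\b", re.I)

# Constructed sample: an executive's name on an outside address, asking for passwords.
SAMPLE = """\
From: Dana Whitfield <dana.whitfield@example.net>
To: sam@example.com
Subject: Quick favour
Authentication-Results: mx.example.com; spf=pass; dmarc=none

Hi Sam, IT changed the database passwords yesterday and I lost mine.
Can you send them over before the 3pm meeting?
"""

def whaling_indicators(raw, executives=EXECUTIVES, domain=COMPANY_DOMAIN):
    """Return the list of warning signs found in one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    found = []
    # Senior staff name on an address outside the company domain.
    if name.strip().lower() in executives and sender_domain != domain:
        found.append("executive-name-external-address")
    # Message claims the company domain but failed sender authentication.
    auth = msg.get("Authentication-Results", "")
    if sender_domain == domain and re.search(r"\b(spf|dkim|dmarc)=fail\b", auth, re.I):
        found.append("company-domain-failed-authentication")
    # Request for the kinds of data or payments whaling goes after.
    body = msg.get_payload()
    if isinstance(body, str) and SENSITIVE.search(body):
        found.append("sensitive-request")
    return found

if __name__ == "__main__":
    print(whaling_indicators(SAMPLE))
```

A non-empty result is a reason to confirm the request with the executive through another channel, not proof of an attack.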
The best way to prevent a whaling attack is by following standardized, thoughtful security procedures. Good companies have rules when it comes to data sharing. High-level executives should be most aware of this situation.
Below, we will go through some specific steps you can take.
As an employee, check your company’s data security policies. Good data policies limit the sharing of sensitive information, even in rushed situations. In this situation, you can affirm that you and other employees are doing the right thing.
If your place of employment has no policy, use common sense. How would you feel about this information being shared over an unsecured channel? Talking directly to the executive can solve many of these problems. Even if you find out it is your boss, it gives you an opportunity to address concerns.
Check to see if your business has a phishing awareness training program. If it doesn’t, encourage your company to push this forward. All employees who work with any form of data and communication should have a basic understanding of security. Having anti-phishing tools also helps.
Secure password managers enable you to protect password information for use across multiple platforms. Good password managers should automatically generate strong passwords for you and secure them behind robust security measures. Having them also discourages employees from sharing passwords via unsecured channels (like emails).
Multi-step verification on each profile ensures that data access requires two forms of identification. This can be smartphone-based (text messages or authenticators) or biometric-based (fingerprints). Verifying identity through both passwords and a secondary system makes things more secure.
Using NordLocker is an easy and fast way to secure the files you share online. You don't need to trust your email provider to keep the data safe – you can do it yourself.
NordLocker helps you do this through backup codes, physical security keys, and authentication apps. You can also use NordLocker to connect to your multi-factor authentication page. Security platforms should meet your unique needs.
NordLocker's AES-256 and ECC encryption algorithms and our zero-knowledge process guarantee that no one can open the files you encrypt besides you and your recipient. So if you want security across the board, check out NordLocker.
At first sight, it is hard to tell the difference between whaling and spear phishing, another phishing attack targeting specific individuals within an organization. But on closer inspection, whaling has a more personalized nature and narrow scope.
While spear phishers do not necessarily reach out to senior persons, whalers aim exclusively at top-level employees, the largest fish within an organization. So, the whaler can narrow down the target to a single person.
Another popular term for this is “whaling phishing,” which attempts to get high-ranking individuals to take a specific action. The action typically involves sharing information. It can also refer to installing malware or proceeding with a fraudulent payment of funds.
When you have to share anything for your business, it could be an attempt at whaling. Using the tips in this article can help. Always keep your business accounts and the data behind them secure.
With NordLocker, secure sharing is available between business users. We are consistently developing new systems to make NordLocker better for your needs. So keep your eyes peeled for the latest updates!
Elisa Armstrong
Verified author
Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.