
What whaling is and how to prevent it

Elisa Armstrong

Jun 27, 2022

4 min read

You may have come across the term whaling in the context of fraud and social engineering. So, what is whaling? Here is a quick example scenario.

It's an ordinary day in the office. You get a friendly email from your boss, asking you to remind them of a few passwords to the company's databases.

The IT security team has just changed them, and your CEO forgot everything after yesterday's stressful meeting. You send the passwords, happy to help a colleague. And just like that, you have become the victim of a whaling attack.

What is whaling?

Whaling is an attack in which fraudsters pretend to be an organization's senior staff. They use this false identity to contact other high-level employees, such as CEOs, and trick them into handing over the data or money they are after.

From 2020 to 2021, whaling attacks increased by nearly 130%, a sharp spike. Whaling usually takes place over email or social media. Reluctant to turn down a request from a trusted high-ranking colleague, recipients fall victim to the attack.

The scammer writes an informal email or sends an instant message asking the recipient to send over some confidential data. They will include the names of some colleagues and might mention a recent corporate celebration. These details are meant to convince the victim to hand over whatever is asked for.

To succeed, the scammers put a lot of effort into research. They analyze all the publicly available data about a person or organization. Sometimes they dig deeper and try to obtain private information through social engineering. Whaling does not require extensive technical knowledge, but attackers use it because the returns can be enormous.

A whaler may analyze the social media profile of the company's CEO. They might also identify the relevant colleagues and their job titles and responsibilities in the organization.

Here’s a real-world example:

In 2016, a scammer posed as the CEO of Snapchat by spoofing their email address in order to obtain payroll data. Snapchat is a large company, which makes it a prime target for whaling. But regardless of size, any company can fall victim to whaling.

What can happen if a whaling attack succeeds?

If a whaling attack succeeds, it can lead to significant losses:

  • Loss of data (both employee and customer data)
  • Loss of financial resources (upon sending financial details)
  • Reputation loss (from having weak cybersecurity responses)

At best, a business might lose employees. At worst, a whaling attack can cause a company to shut down.

How to identify a whaling attack

A whaling attack usually arrives as an email or a phone call. If a request seems unusual, you might have an attack on your hands. Here are some things to watch for:

  • A request to share data or money. Even if the request is for simple account information, it might be the first stage of an attack.
  • A sense of urgency. Scammers usually claim that they need the information very quickly and that the matter is vital. They try to outrun any cybersecurity response.
  • A phone call follow-up. This is a form of social engineering that makes the email seem more legitimate.
  • An unusual email address. Scammers using this tactic don’t take over the executive's mailbox; they imitate it. Check the sender details to see whether they match the senior executive's real address.
  • Strange attachments. Does your boss usually send email attachments? Malware isn’t common in whaling, but it is still something to look for.
  • Poor grammar. An official email from senior staff is usually checked meticulously for errors. Do you spot any? That’s another sign the email may not be legitimate.
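The checklist above can be turned into a small triage script that a mail team could run over suspicious messages. This is an added example, not code from the original post or from NordLocker; the executive directory, the corporate domain, the keyword lists and the sample email are all constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed data for this example: the organization's own domain and the
# executives whose names a whaler is most likely to borrow.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
URGENCY_WORDS = ("urgent", "asap", "immediately", "right away")
SENSITIVE_WORDS = ("password", "payroll", "wire transfer", "bank details")


def whaling_indicators(raw_email: str) -> list[str]:
    """Return the warning signs from the checklist that this email shows."""
    msg = message_from_string(raw_email, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    flags = []
    # An executive's display name on a mailbox that is not theirs.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr != expected:
        flags.append(f"display name '{name}' but sender is {addr}, not {expected}")
    # A domain that merely resembles the real one (examp1e.com, exarnple.com).
    if domain != CORPORATE_DOMAIN and SequenceMatcher(None, domain, CORPORATE_DOMAIN).ratio() >= 0.85:
        flags.append(f"lookalike domain {domain}")
    text = ""
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            flags.append(f"unexpected attachment {part.get_filename()}")
        elif part.get_content_type() == "text/plain":
            text += part.get_content().lower()
    if any(w in text for w in SENSITIVE_WORDS):
        flags.append("request for sensitive data or money")
    urgency = [w for w in URGENCY_WORDS if w in text]
    if urgency:
        flags.append("urgency cues: " + ", ".join(urgency))
    return flags


# Constructed sample: the CEO's name, a lookalike domain and an urgent payroll request.
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
To: finance@example.com
Subject: Quick favour

I'm between meetings. Please send me the payroll spreadsheet ASAP, it's urgent.
"""
```

Running `whaling_indicators(SAMPLE)` returns four flags for the sample; a routine message from the executive's real address with no sensitive request returns none.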

By keeping your eyes open, you take the first step in defending against a whaling attack.

How to prevent a whaling attack

The best way to prevent a whaling attack is to follow standardized, well-thought-out security procedures. Good companies have rules about data sharing, and high-level executives should be the most aware of them.

Below, we will go through some specific steps you can take.

1. Check your company’s data policies

As an employee, check your company’s data security policies. Good data policies limit the sharing of sensitive information, even in rushed situations. With a clear policy in place, you can be confident that you and other employees are doing the right thing.

2. Use common sense

If your place of employment has no policy, use common sense. How would you feel about this information being shared over an unsecured channel? Talking directly to the executive resolves many of these doubts. Even if it turns out the request really came from your boss, the conversation gives you an opportunity to raise your concerns.

3. Encourage a phishing awareness program

Check whether your business has a phishing awareness training program. If it doesn’t, encourage your company to set one up. All employees who work with any form of data or communication should have a basic understanding of security. Anti-phishing tools also help.

4. Make use of secure password protection platforms

Secure password managers let you protect passwords for use across multiple platforms. A good password manager automatically generates strong passwords for you and keeps them behind robust security measures. Having one also discourages employees from sharing passwords over unsecured channels (such as email).

5. Have multi-step verification

Multi-step verification on each account ensures that data access requires two forms of identification. The second form can be smartphone-based (text messages or authenticator apps) or biometric (fingerprints). Verifying identity through both a password and a secondary system makes accounts considerably harder to compromise.

Using NordLocker is an easy and fast way to secure the files you share online. You don't need to trust your email provider to keep the data safe – you can do it yourself.

NordLocker helps you do this through backup codes, physical security keys, and authentication apps. You can also use NordLocker to connect to your multi-factor authentication page. Security platforms should meet your unique needs.

NordLocker's AES-256 and ECC encryption algorithms and our zero-knowledge process guarantee that no one can open the files you encrypt besides you and your recipient. So if you want security across the board, check out NordLocker.

What is the difference between spear phishing and whaling?

At first sight, it is hard to tell whaling apart from spear phishing, another type of phishing attack that targets specific individuals within an organization. On closer inspection, whaling is more personalized and narrower in scope.

While spear phishers do not necessarily go after senior staff, whalers aim exclusively at top-level employees, the largest fish within an organization. A whaler can therefore narrow the target down to a single person.

Another popular term for this is “whaling phishing,” which attempts to get high-ranking individuals to take a specific action. The action typically involves sharing information, but it can also be installing malware or approving a fraudulent payment.

Conclusion

Any request to share something for your business could be an attempt at whaling. The tips in this article can help. Always keep your business accounts, and the data behind them, secure.

With NordLocker, secure sharing is available between business users. We are consistently developing new systems to make NordLocker better for your needs. So keep your eyes peeled for the latest updates!

Elisa Armstrong

Elisa’s all about languages. She speaks five, loves stand-up comedy, and is writing her first novel. Besides her extensive knowledge of cybersecurity, she’s an expert in persuasion techniques hackers use and strives to teach people how to avoid online scams.