Another Fishing synonym – CEO Whaling
Part 1: 5 phishing tactics that are threatening UK Businesses
As IT departments tighten their network security, cyber criminals are now focusing on the next weak link in business defences – employees.
Of the 95,000 phishing email scams reported by Action Fraud in 2015, many were tailored to fool company staff – leading to malware and ransomware infections, as well as data and financial theft.
In this series of blog posts we’ll look at five types of phishing email that have the potential to cripple your business. This first post looks at CEO fraud, also referred to as ‘whaling’.
CEO fraud is a spear phishing technique that can have a disastrous financial effect on businesses. Fraudsters impersonate company bosses – typically CEOs, CFOs or financial directors – and ask finance personnel to make urgent bank transfers.
Other variations of spear phishing can include emails directed at HR staff requesting employee payroll data, or at administrators in health care organisations requesting medical records. All seemingly come from colleagues within the same organisation.
CEO fraud has resulted in many high-profile casualties including Michelin, French Connection, Nestlé, KPMG, Ubiquiti and Snapchat.
One of the most recent victims was American toy-maker Mattel, where an unsuspecting finance executive wired $3 million to a Chinese bank account, believing the request was made by the company’s CEO.
Fraudsters not only spoofed the Mattel CEO’s email address, they also exploited a period of management change to their advantage – so that the victim had fewer approvals to obtain before wiring the money.
Whalers don’t just target big corporations. SMEs are also regularly targeted, as in the case of French industrial company Etna Industrie, where the company’s accountant was pressurised into making several ‘urgent’ bank transfers totalling £372,000.
How to protect your business from spear phishing
- Simulate a targeted spear phishing attack with PhishAware.
- Use the results to review existing processes for transferring funds or releasing confidential information.
We are Perspective Risk
Information security is crucial to every aspect of your business – operational efficiency, profitability, business continuity, customer confidence, brand loyalty, protection against fraud and meeting regulatory requirements.
Our penetration testing and cyber security testing have proven time and time again to be an effective security assessment of business IT infrastructure.
Perspective Risk provides in-depth security assessments, risk management and compliance solutions to help you keep your confidential information safe and your critical systems secure. We’re innovative, flexible and supportive, helping you through any information security issues to deliver real business benefits and excellent value.