Whale Phishing 2022: What is it and How to Protect Yourself From the Attack?


An online phishing attack usually involves a scammer trying to impersonate a service that you use in a bid to get credentials or money out of you.

Another more targeted and potentially more lucrative version of the scam is called whale phishing or whaling.

Whale Phishing Targets Organizations

The most notable difference between a standard phishing attack and a whale phishing attack is how the scammer targets their victims, according to How-To Geek.

While phishing attacks are sent out to hundreds or even thousands of people at a time, whale phishing attacks are usually far more targeted.

A whale phishing attack may target a single person within a business using the information garnered from within that organization.

Scammers will put in more research to trick their victims, which may involve studying hierarchies and company information online or getting information from within the company itself.

For example, a scammer will usually present themselves as a high-level member of staff. This could be a manager or technician or the CEO or owner of the business.

Choosing a figure of authority is important for the scam to work, since the targets, usually lower-level employees, are more likely to fulfill a request without questioning it, according to TechTarget.

So in one example, a scammer may pose as a senior account manager, drawing an employee's attention to an invoice that needs to be paid.

But the email may contain a link to an external website that is used to steal login credentials, or contain instructions to make a payment to an account that the scammer controls.

The end goals may be numerous: scammers attempt to steal personal information, money, and credentials, and to plant malware.

Over time this could lead to security problems, ransomware attacks, espionage, and a great deal of distress for the victims.

Whale Phishing Uses the Same Old Tactics

Whale phishing is essentially spear phishing with a bigger and usually corporate payout. Spear phishing is a somewhat more sophisticated version of standard phishing, where the scam is tailored to the victim.

In this scenario, whale means having a bigger "catch" - that's why it is called whale phishing.

While a whale phishing attack needs more effort and time on the scammer's end, the tactics used are similar to a standard phishing attack, according to Malwarebytes.

For example, the scammer may use a fake email address that is either spoofed or made to look very similar to an email address used by the person they are impersonating.
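A mail-filter check for the lookalike and spoofed sender addresses described above, as an added example that is not from the original article. The domain `corp.example`, the executive directory and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "corp.example"                          # assumed: the organisation's real domain
EXECUTIVES = {"jane doe": "jane.doe@corp.example"}   # assumed: display name -> real address

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return the reasons the From/Reply-To headers look like impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # Lookalike domain: one or two characters away from the real domain.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    # An executive's display name on an address that is not theirs.
    real = EXECUTIVES.get(" ".join(name.lower().split()))
    if real and addr != real:
        findings.append("display-name-mismatch")
    # Replies diverted to a different domain than the visible sender.
    # (An exactly spoofed From domain is otherwise the job of SPF/DKIM/DMARC.)
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].lower().rpartition("@")[2]
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages (not real mail).
LOOKALIKE = "From: Jane Doe <jane.doe@c0rp.example>\nSubject: Invoice\n\nPlease pay today.\n"
SPOOFED = ("From: Jane Doe <jane.doe@corp.example>\nReply-To: payments@mailbox.test\n"
           "Subject: Invoice\n\nPlease pay today.\n")
LEGIT = "From: Jane Doe <jane.doe@corp.example>\nSubject: Lunch\n\nSee you at noon.\n"

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_sender(raw))
```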

Since these attacks rely on a human component, whale phishing by phone is another tactic. Like phone calls, text messages may also be used for phishing attacks.

A less commonly used tactic is physical access, where the victim is baited with a USB stick made to deliver a payload.

Ultimately, being vigilant and skeptical is the best defense against phishing attacks.

Whale Phishing Is Not New

Phishing is a type of scam that has been around for decades and will likely continue to be a threat for many more.

The key to avoiding this type of scam, and many others, is to be aware.

In March, Facebook said that scammers used the FB Quiz tool to trick victims.

In April, WhatsApp warned users of phishing scams on the platform.


This article is owned by Tech Times

Written by Sophie Webster
