How to avoid “Whaling” fraud against your business

Recently an interesting news piece was published on the BBC website about a fraud scam attacking many businesses across the UK, known as “Whaling” – http://www.bbc.co.uk/news/technology-34570713. It is similar to the phishing attacks we already know, which tend to be aimed at smaller fry, but in Whaling the hackers instead target a ‘big fish’ within the business, typically the financial director or similar. [OK, we know whales are not fish, but we didn’t make up that term!]

We were alerted to this a couple of months ago, as businesses we knew witnessed first-hand cyber-thieves trying to commit fraud against them.

The particular scam is simple: the attackers research their ‘mark’ carefully, targeting important financial employees within companies via email. Masquerading as the CEO, or a similar senior figure, whilst they are out of the office, the fraudster sends an email stating that they need money transferred into an account, often a large sum. The employee sends the money, believing that the email is legitimate. The email address, style of writing, tone and sign-off are all very similar to the real thing, and that’s why the scam works so well. It’s highly convincing to the untrained eye!

We have put together some top tips on how to help protect your organisation against this type of “social engineering” attack:

  • Implement email filtering products on your systems
  • Consider whether you need details of staff and their job roles on your website
  • Always verify any requests to transfer money by an alternative method of communication (e.g. telephone, text message or in person)
  • Avoid using personal email accounts for business
  • Change passwords regularly and make them secure (if you must use your dog’s name, at least put it in brackets or speech marks and add a number to the end e.g. “Buster42”)
  • Make all directors and finance staff with bank account access aware of this particular risk
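
To illustrate the kind of check an email filter can apply to the “very similar” sender address described above, here is an added example (not taken from the BBC article or from any particular filtering product). The company domain, executive name and both sample messages are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
# Constructed values (assumptions): substitute your own domain and executives.
COMPANY_DOMAIN = "acme-widgets.example"
EXECUTIVES = {"jane smith": "jane.smith@acme-widgets.example"}
PAYMENT_WORDS = ("transfer", "payment", "bank details", "invoice", "urgent")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def is_lookalike(domain, real=COMPANY_DOMAIN):
    """True for a domain that is close to, but not the same as, the real one."""
    close = difflib.SequenceMatcher(None, domain, real).ratio() >= 0.85
    return bool(domain) and domain != real and close

def whaling_flags(raw_message):
    """Return the reasons a message should be held for manual verification."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, flags = addr.lower(), []
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr != known:
        flags.append("executive name with unrecognised address")
    if is_lookalike(domain_of(addr)):
        flags.append("lookalike sender domain")
    if reply_to and domain_of(reply_to) != domain_of(addr):
        flags.append("reply-to differs from sender")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    # Payment wording alone is normal mail; it counts only if the sender looks wrong.
    if flags and any(word in text for word in PAYMENT_WORDS):
        flags.append("payment request")
    return flags

# Constructed sample messages, not real traffic.
SPOOFED = """From: Jane Smith <jane.smith@acme-wigdets.example>
Reply-To: jane.smith@mailbox.example
Subject: Urgent transfer today

I am out of the office. Please transfer the funds to the account below.
"""
GENUINE = """From: Jane Smith <jane.smith@acme-widgets.example>
Subject: Board pack

Slides attached for Thursday.
"""
print(whaling_flags(SPOOFED), whaling_flags(GENUINE))
```

A message that raises any of these flags is a candidate for the out-of-band verification recommended in the list above; the check supports that step and does not replace it.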

The best defence above all is to understand and be aware of the potential risk to your business. We can implement email-filtering products for you that can help reduce the risk of such attacks. It’s vital that you’re aware of all attacks and that you ensure you’re covered against such scams. Attacks such as “Whaling” can be extremely damaging to your business. So be aware!

Remember, if you are caught out by this or any other scam, it is important to get the Police and your bank involved as soon as possible, as it may be possible to reverse any payments that have been made.