You’ve probably heard of phishing (and the damage it’s wreaking worldwide), but have you heard of whaling? In this blog, we discuss what whaling is, why it works and how to protect yourself against it.
Simply put, whaling is targeted phishing aimed at high-value individuals, such as executives and other C-level employees, who have access to sensitive information or the authority to approve payments.
With regular phishing emails, cybercriminals cast a wide net hoping to catch anyone, with no specific target in mind. These emails are typically easier to spot because they’re less professional and consequently look more suspicious.
Whaling, on the other hand, is highly customized and personalized. Whaling attempts often include the target’s name and job title, as well as any other information that helps the attacker appear credible.
A whaling email will look like it comes from an authority figure or a colleague, and it will usually be marked critical or urgent. Attackers want a quick reaction from their target, so the content will include a request to perform a task that is routine for the target, such as reviewing a document, approving a wire transfer or installing software.
Much like regular phishing, whaling is on the rise. It is particularly attractive to attackers because of the large reward a single successful attack can bring: typically a quick and sizable payout, or access to a company’s internal network and highly privileged information.
According to a recent report from PhishMe, 91% of cyberattacks start with a phishing email. As individuals become more aware of phishing attempts, cybercriminals become more creative, which is likely why phishing and whaling remain consistently effective. It is important that individuals stay one step ahead of their attackers and keep up with current phishing tactics.
eSentire runs simulated phishing campaigns for companies to help employees prepare for inevitable real-world phishing and whaling attacks. These phishing tests are sent company wide with the intent of tricking users into opening a malicious document or clicking a link and entering credentials into a fake website.
The campaign tracks the number of people who viewed the email, opened attachments or clicked links. These tests help companies understand their employees’ security awareness and the exposure it creates. Employers can then use this information to assess their employees’ training needs and provide that training.
These tests allow us to see how many people on average are susceptible to phishing attempts and, more specifically, which types of phishing emails perform best, and therefore how dangerous they could be in a real-world setting. Clients are often very surprised to see how many of their employees click on malicious links and enter credentials into a spoofed website.
Of the tests run in 2016, we discovered an average open rate of 20% (that’s 1 in 5!) and a click rate of 18%.
These tests demonstrate that phishing is still a relatively successful way to gather confidential information. No matter how prepared employees think they are, some people always fall for the tests.
Executives can protect themselves in the same way employees should. When you, as an employee (C-suite or otherwise), receive an email instructing you to perform an action, especially anything to do with money or software installation, start by verifying that the sender is legitimate. The quickest way to do this is to call the sender, using a number you already have rather than one supplied in the email, to confirm that they sent both the email and the request. Avoid verifying by replying to the email: if the sender’s account has been compromised, the attacker can reply with a false confirmation.
Secondly, always verify a link before clicking it. If you are instructed to go to a specific website, open a browser and navigate there yourself, either through a search engine or by typing the URL you know to be correct. Similarly, if you receive an unexpected document, be very cautious about opening it, and never enable or authorize executable content such as macros.
Finally, if you suspect a phishing email, report it to your company’s security team immediately. This holds true even if you have already fallen for the attack. You are not expected to be invincible, but the sooner your security team learns about the situation, the more likely it is that they can limit the damage.
When it comes to cybersecurity, everyone is at risk. The best way to avoid falling for a phishing or whaling attack is constant diligence. Don’t take unnecessary risks online, and consider your actions carefully before committing to them. If you are in a position of leadership at your company, your responsibility is two-fold: protect the highly confidential data you have access to and set a good example for the people reporting to you. The phishers are out there; don’t let them catch a whale.
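The same three checks (is the sender who they claim to be, does the link go where it says, is the message pushing an urgent money or software request) can be applied mechanically before a message ever reaches an executive. The script below is an added example, not eSentire’s code or part of the original post: it parses a raw RFC 5322 message with Python’s standard library and returns the indicators it finds. The organization domain, executive list, keyword lists and both sample messages are constructed for illustration; the 192.0.2.0/24 address is a reserved documentation range, not a real host.

```python
"""Heuristic triage of a suspected whaling email (added example, constructed data)."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed: the organization's own domain and the people most likely to be impersonated.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "CEO", "john roe": "CFO"}

# Constructed keyword lists mirroring the pressure tactics described in the post.
URGENCY = ("urgent", "immediately", "asap", "right away", "before end of day")
MONEY_OR_SOFTWARE = ("wire", "transfer", "payment", "invoice", "install", "enable macros")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(addr):
    """Domain part of an email address, lower-cased; '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def host_of(url):
    """Host part of an http(s) URL, lower-cased; '' if the string is not a URL."""
    m = re.match(r"https?://([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def triage(raw_message):
    """Return a list of human-readable indicators; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Sender checks: an executive's display name on a foreign domain, or a Reply-To
    #    that silently redirects the conversation to a different domain.
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    if name.lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        findings.append(f"display name {name!r} ({EXECUTIVES[name.lower()]}) "
                        f"but sender domain is {from_domain!r}")
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_addr)!r} "
                        f"differs from From domain {from_domain!r}")

    # 2. Link checks: anchor text that looks like a URL but points somewhere else.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if body and body.get_content_type() == "text/html":
        parser = LinkExtractor()
        parser.feed(text)
        for href, shown in parser.links:
            shown_host = host_of(shown)
            if shown_host and shown_host != host_of(href):
                findings.append(f"link text shows {shown_host!r} but points to {host_of(href)!r}")

    # 3. Content checks: urgency combined with a money or software request.
    lowered = (str(msg.get("Subject", "")) + " " + text).lower()
    if any(w in lowered for w in URGENCY) and any(w in lowered for w in MONEY_OR_SOFTWARE):
        findings.append("urgent wording combined with a money or software request")
    return findings


# Constructed sample: a whaling attempt impersonating the CEO.
SAMPLE_WHALING = """\
From: Jane Doe <jane.doe@example.net>
Reply-To: jane.doe@example.org
To: cfo@example.com
Subject: URGENT wire transfer before end of day
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please approve the transfer in the vendor portal immediately:
<a href="http://192.0.2.10/login">https://portal.example.com/approve</a></p>
</body></html>
"""

# Constructed sample: a routine internal message that should not be flagged.
SAMPLE_BENIGN = """\
From: Jane Doe <jane.doe@example.com>
To: cfo@example.com
Subject: Lunch next week
Content-Type: text/plain; charset="utf-8"

Are you free on Tuesday?
"""

if __name__ == "__main__":
    for label, raw in (("whaling", SAMPLE_WHALING), ("benign", SAMPLE_BENIGN)):
        print(label, "->", triage(raw) or ["no indicators"])
```

Each indicator maps to one of the manual steps: the sender checks correspond to “confirm out of band that the sender really sent it”, the link check to “verify the link before clicking”, and the content check to the urgency and money/software pattern whaling emails rely on. Heuristics like these are a triage aid for the security team, not a replacement for the phone call; a well-crafted whaling email from a genuinely compromised executive mailbox will pass all three.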
Throughout his time at eSentire, Rob has held several key positions, including Director, Professional Services, where he managed a team of security consultants that performed hundreds of successful information security audits for organizations around the world in the legal, financial, healthcare, government, extractive and technology sectors. Rob also serves as the authority and primary owner for the eSentire project team on issue management and resolution, scope change control and approval, and project reporting.