ASK MAT – I have been asked whether my firm has WHALING ATTACK protocols set up. What does this all mean?

07/04/2025

MAT SAYS – Thank you for such a great question, and a good reminder that, in business, we are juggling many risks. Phishing attacks are one of the ways our IT systems and valuable data get compromised.

Part 1 - PHISHING ATTACK

A whaling attack is a type of PHISHING ATTACK that specifically targets high-profile individuals within an organisation, such as executives or senior managers (see Part 2 below).

Phishing is a type of cybercrime where attackers deceive individuals into revealing sensitive information or installing malware. This is typically done through fraudulent emails, websites, or messages that appear to be from a trusted source.

Here are some key points about phishing:

  • Deceptive Communication: Phishing messages often mimic legitimate institutions like banks or government agencies to trick recipients into providing personal data, such as passwords, credit card details, or Social Security numbers.
  • Common Tactics: These messages may include urgent requests, enticing offers, or fake links that lead to malicious websites designed to steal information.
  • Variety of Forms: Phishing can occur via email (email phishing), phone calls (vishing), text messages (smishing), and even social media.

To protect yourself from phishing attacks, it's essential to exercise caution with unsolicited communications, verify the sender's identity, and refrain from clicking on suspicious links or opening attachments. The email authentication protocols in Part 3 add a technical layer of protection on top of this.

Part 2 - WHALING ATTACKS

A whaling attack is a type of phishing attack that explicitly targets high-profile individuals within an organisation, such as executives or senior managers. These attacks are designed to trick the target into revealing sensitive information or transferring money by masquerading as legitimate communication from a trusted source.

Here are some key points about whaling attacks:

  • Targeted Approach: Unlike general phishing attacks, whaling attacks are highly targeted and personalised, often using information gathered from social media or other public sources to make the communication seem more credible.
  • High Stakes: Because they target individuals with significant access and authority, the potential damage from a successful whaling attack can be substantial, including financial loss and data breaches.
  • Sophisticated Tactics: Attackers may use email spoofing, fake websites, and other sophisticated methods to deceive their targets. They often spend considerable time researching their victims to craft convincing messages.

To protect against whaling attacks, organisations must educate their employees about these threats and implement robust security measures.

Part 3 - EMAIL AUTHENTICATION PROTOCOLS TO STOP WHALING ATTACKS

Email authentication protocols like SPF, DKIM, and DMARC play crucial roles in preventing WHALING ATTACKS, which are highly targeted phishing attacks aimed at high-profile individuals within an organisation.

  1. SPF (Sender Policy Framework): This protocol allows domain owners to specify which mail servers are authorised to send emails on their behalf. By publishing an SPF record in the DNS, receiving mail servers can verify whether an email is coming from an authorised server. This helps prevent attackers from spoofing the sender's domain.
  2. DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to the email's header, created using a private key held by the sending domain. The receiving server verifies this signature using the public key published in the sender's DNS records. This ensures that the signed parts of the email have not been tampered with in transit and confirms that the signing domain stands behind the message.
  3. DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC builds on SPF and DKIM by telling receiving mail servers how to handle emails that fail SPF or DKIM checks (or whose passing check is not aligned with the visible From: domain). It allows domain owners to specify whether such emails should be quarantined, rejected, or delivered. DMARC also provides reporting, enabling domain owners to monitor and improve their email authentication practices.

Together, these protocols help prevent unauthorised parties from sending emails on behalf of a domain, thereby reducing the risk of whaling attacks and other email-based threats.
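As an added illustration (not code from the original article), here is a small Python model of the DMARC decision described in point 3: it takes the SPF and DKIM results as inputs, checks whether they are aligned with the From: domain, and returns the disposition the domain owner has published. The domain example-firm.test and its DMARC record are constructed for the example, not real DNS data.

```python
# Added example (not from the original article): an offline model of how a receiving
# mail server combines SPF/DKIM results with a DMARC record to decide a disposition.

# Constructed sample DNS TXT record for a hypothetical domain, not a real lookup.
SAMPLE_DNS = {
    "_dmarc.example-firm.test": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                                "rua=mailto:dmarc@example-firm.test",
}

def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; ...' into a tag dict with DMARC defaults applied."""
    tags = {"adkim": "r", "aspf": "r", "p": "none"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    """Organisational domain as the last two labels (assumption: no Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(header_from, auth_domain, mode):
    """DMARC alignment: strict ('s') requires an exact match with the From: domain,
    relaxed ('r') accepts any domain with the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return org_domain(header_from) == org_domain(auth_domain)

def dmarc_disposition(header_from, spf_pass_domain, dkim_pass_domain, dns=SAMPLE_DNS):
    """Return 'pass' if an aligned SPF or DKIM pass exists, else the policy to apply
    ('none', 'quarantine', 'reject'), or 'no-policy' when the domain publishes none.
    spf_pass_domain / dkim_pass_domain: the domain that passed that check, or None."""
    record = dns.get("_dmarc." + header_from.lower())
    policy_tag = "p"
    if record is None:  # subdomain: fall back to the organisational domain's record
        record = dns.get("_dmarc." + org_domain(header_from))
        policy_tag = "sp"  # subdomain policy, which defaults to 'p' when absent
    if record is None:
        return "no-policy"
    tags = parse_dmarc(record)
    spf_ok = aligned(header_from, spf_pass_domain, tags["aspf"])
    dkim_ok = aligned(header_from, dkim_pass_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get(policy_tag, tags["p"])
```

A spoofed message claiming to be from example-firm.test with no aligned SPF or DKIM pass is rejected, while a genuine one signed by the firm's own domain passes; the same record quarantines unauthenticated mail from a subdomain via the sp tag.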
