Received an email from your company CEO? Beware, this could be a whaling attack - Hindustan Times

Received an email from your company CEO? Beware, this could be a ‘whaling attack’

By, New Delhi
Nov 29, 2023 05:06 PM IST

‘Whaling’ is a sophisticated form of cybercrime through which cybercriminals target high-profile or senior executives of a company, by posing as its CEO.

A ‘whaling attack’ is a sophisticated form of cybercrime in which cybercriminals target high-profile or senior executives of a company, with an aim to deceive them into revealing sensitive company information or to make them transfer money.

Representational Image
Representational Image

How is whaling different from other methods of cybercrime?

Whaling differs from phishing scams in that the latter targets non-specific individuals. ‘Spear-phishing,’ on the other hand, is similar to a whaling attack in that both target particular individuals.

Discover the thrill of cricket like never before, exclusively on HT. Explore now!

Whaling, however, goes a step further, with criminals impersonating the company CEO or senior manager so that the victim has no option but to reveal the information the ‘CEO’ wants them to.

Any alternative name for whaling?

For the aforementioned reason, it is also sometimes referred to as a ‘CEO fraud.’ It is called ‘whaling’ because those targeted are ‘big phish (fish)' or ‘whales,’ as are those under whose names the emails are being sent (without their knowledge, of course) to the victims.

What methods are deployed for whaling?

Email spoofing (crafting convincing emails so that these appear to have been sent by the real CEO); social engineering (to gather information about the target so as to personalise the message); and impersonation.

How to prevent a whaling attack?

This can be done by educating employees about such an attack and training them to recognise suspicious requests. Other methods include a multi-factor authentication (MFA) for extra level of protection for sensitive accounts; email authentication protocols, regular security audits, and an incident response plan.

Any recent incident of whaling?

In 2016, a Snapchat HR employee was tricked into revealing payroll information of ‘some current and former staffers.’ More recently, as many as six cases were reported from Pune last year, including one involving global vaccine major Serum Institute of India (SII).

Unlock a world of Benefits with HT! From insightful newsletters to real-time news alerts and a personalized news feed – it's all here, just a click away!- Login Now! Catch all the Latest Technology Mobile, Gadgets,Tech News from India and around the world
Share this article

    Follow the latest breaking news and developments from India and around the world with Hindustan Times' newsdesk. From politics and policies to the economy and the environment, from local issues to national events and global affairs, we've got you covered.

Story Saved
Live Score
Saved Articles
My Reads
Sign out
New Delhi 0C
Tuesday, February 20, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On