What is whaling?
Unlikephishing attempts, which target individuals at random, whaling targets specific individuals.
Whaling is the threat facing business leaders, decision-makers, and managers who are digitizing their work processes due to the health crisis.
The cybercriminal's goal is to steal money, sensitive information, or gain access to their computer systems.
To catch these "big fish," they use:
- Identity theft. Domain name theft is the most common strategy, used in 70% of attacks. They gather information through social media or other information found on search engines.
- Targeted phishing. The cybercriminal targets a high-ranking employee by posing as a superior or another important employee of the company.
2021, the year of whaling
This year, 2021, will see whaling attacks intensify.
In fact, many companies rushed to implement teleworking in order to maintain their business.
Some of them did not take the time to train their employees on best practices for secure teleworking by following a strict protocol.
Cybercriminals are taking advantage of this climate of anxiety in certain sectors that were not accustomed to teleworking.
How can you protect yourself from whaling?
The best way to protect yourself from whaling attacks is to raise awareness. (source:ANSSI). That is why it is necessary to target executives and senior employees for in-depth training. More generally, raise awareness among all employees.
Developgood habits: hover over the name of the email sender to check their full address. Consider modifying the validation procedures for sensitive operations such as financial transactions and the communication of confidential information.
Useanti-phishing software: install this type of software, which offers services such as URL analysis and link validation.
Conductsimulated attacks: "educating" employees about phishing and whaling means learning the right actions to take, such as checking the sources of fraudulent emails or detecting fake websites.
In this particular context, the watchword must remain caution when it comes to these numerous remote exchanges.
