More than half of organisations have seen an increase in whaling email attacks on their finance and accounting departments in the lead-up to the holiday season.
According to research from security firm Mimecast, 55 per cent of organisations have seen an increased prevalence of targeted whaling attacks in the past three months.
Whaling attacks, also known as Business Email Compromise (BEC), involve emails sent by cybercriminals from spoofed or deceptively familiar domain names. They usually purport to come from the CEO or CFO and aim to trick accounting or finance staff into making fraudulent wire transfers.
According to the research, domain spoofing is the most common technique, used in 70 per cent of recent whaling attacks. Attackers most often impersonated the CEO (72 per cent), while 35 per cent of respondents had seen whaling emails purporting to come from the CFO.
Whalers prefer to hijack Gmail accounts (25 per cent), over Yahoo (8 per cent) and Hotmail (8 per cent).
According to Mimecast, attackers will typically have researched the target business in depth beforehand, often using social media, to identify both the intended victim and the organisational hierarchy.
“Cyber attackers have gained sophistication, capability and bravado over the recent years, resulting in some complex and well executed attacks,” said Orlando Scott-Cowley, cyber security strategist at Mimecast.
Scott-Cowley recommended that IT leaders educate staff and executives about whaling attacks and how to recognise them, and that they also deploy technology to help detect instances of fake or deceptive email.
“Whaling emails can be more difficult to detect because they don’t contain a hyperlink or malicious attachment, and rely solely on social-engineering to trick their targets,” he said.
“The barriers to entry for whaling attacks are dangerously low. As whaling becomes more successful for cybercriminals, we are likely to see a continued increase in their popularity, as hackers identify these attacks as an effective cash cow.”
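As an added example (not code from the article or from Mimecast), the following Python triages a single raw message for the indicators described above: an exact-domain spoof that failed the gateway's SPF/DMARC check, a look-alike sender domain, an executive's display name on an address outside the company (including free webmail), a Reply-To that diverts the conversation, and payment pressure with no link or attachment for a conventional scanner to inspect. The company domain, the executive roster and the four sample messages are constructed for the demonstration.

```python
"""Heuristic whaling / BEC triage for one raw RFC 5322 message (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                        # assumed company domain
EXECUTIVES = {"jane doe": "CEO", "raj patel": "CFO"}   # assumed executive roster
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|payment|invoice|urgent|confidential)\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, enough to catch examp1e.com or exarnple.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted: str = INTERNAL_DOMAIN) -> bool:
    """True for a domain that resembles, but is not, the trusted one."""
    if not domain or domain == trusted:
        return False
    return edit_distance(domain, trusted) <= 2 or trusted.split(".")[0] in domain


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def assess(raw: str) -> list[str]:
    """Return the whaling indicators found in one raw message (empty list = clean)."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(addr)
    reasons = []

    # 1. Exact-domain spoofing: sender claims our domain, but the gateway's
    #    SPF/DKIM/DMARC verdict (Authentication-Results) says it did not come from us.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if from_dom == INTERNAL_DOMAIN and ("dmarc=fail" in auth or "spf=fail" in auth):
        reasons.append("internal domain spoofed (authentication failed)")

    # 2. Look-alike domain registered to resemble ours.
    if is_lookalike(from_dom):
        reasons.append(f"look-alike sender domain {from_dom}")

    # 3. An executive's display name on an address that is not ours (webmail included).
    role = EXECUTIVES.get(name.strip().lower())
    if role and from_dom != INTERNAL_DOMAIN:
        reasons.append(f"{role} display name on external address {addr}")

    # 4. Reply-To steering replies away from the visible sender.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and domain_of(reply) != from_dom:
        reasons.append(f"Reply-To domain {domain_of(reply)} differs from From")

    # 5. Payment pressure with nothing for a link or attachment scanner to inspect.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    scannable = "http" in text.lower() or any(p.get_filename() for p in msg.walk())
    if PAYMENT_WORDS.search(text) and not scannable:
        reasons.append("payment language with no link or attachment")
    return reasons


# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = """\
From: "Jane Doe" <jane.doe@example.com>
Reply-To: jane.doe@outlook.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com

I need a confidential wire transfer of $48,000 sent today. Do not call, I am in meetings.
"""
SAMPLE_LOOKALIKE = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Subject: Payment
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=pass header.from=examp1e.com

Please process the invoice for $12,000 today.
"""
SAMPLE_WEBMAIL = """\
From: "Raj Patel" <raj.patel.cfo@gmail.com>
Subject: Quick favour
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gmail.com; dmarc=pass header.from=gmail.com

Are you at your desk? I need an urgent transfer done before the bank closes.
"""
SAMPLE_LEGIT = """\
From: "HR Team" <hr@example.com>
Subject: Holiday schedule
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass header.from=example.com

The office closes on 24 December. Full details: https://intranet.example.com/holidays
"""

if __name__ == "__main__":
    for label, sample in [("spoof", SAMPLE_SPOOF), ("lookalike", SAMPLE_LOOKALIKE),
                          ("webmail", SAMPLE_WEBMAIL), ("legit", SAMPLE_LEGIT)]:
        print(label, assess(sample) or "clean")
```

The string match on Authentication-Results stands in for what a real gateway does at SMTP time, namely evaluating SPF, DKIM and DMARC itself and rejecting or quarantining on a DMARC reject policy; the look-alike test is a deliberately coarse heuristic and the executive roster would in practice be fed from the directory. Every indicator here is a signal for a review queue rather than a verdict, since a legitimate executive writing from a personal account will trip indicator 3.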