More than half of organisations’ have seen an increase in whaling email attacks on their finance and accounting departments in the lead up to the holiday season. According to research from security firm Mimecast, 55 per cent of organisations have seen an increased prevalence of targeted whaling attacks in the past three months. Whaling attacks, also known as Business Email Compromise, involve emails from cybercriminals with spoofed and familiar domain names, and often appear to be sent from the CEO or CFO to trick accounting or finance users into making illegitimate wire transfers. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe According to the research, domain-spoofing is the most popular attack type, occurring in 70 per cent of recent whaling attacks. Most attackers pretend to be the CEO (72 per cent), while 35 per cent had seen whaling emails attributed to the CFO. Whalers prefer to hijack Gmail accounts (25 per cent), over Yahoo (8 per cent) and Hotmail (8 per cent). According to Mimecast, malicious entities will have undertaken significant research into the target business to identify the victim and organisational hierarchy, often utilising social media to gather information. “Cyber attackers have gained sophistication, capability and bravado over the recent years, resulting in some complex and well executed attacks,” said Orlando Scott-Cowley, cyber security strategist at Mimecast. Scott-Cowley recommended IT leaders educate staff and leaders around the possibility of whaling attacks and how to identify them, while also seeking to implement technology to help detect incidences of fake or deceptive emails. “Whaling emails can be more difficult to detect because they don’t contain a hyperlink or malicious attachment, and rely solely on social-engineering to trick their targets,” he said. “The barriers to entry for whaling attacks are dangerously low. As whaling becomes more successful for cybercriminals, we are likely to see a continued increase in their popularity, as hackers identify these attacks as an effective cash cow.” Related content feature 4 reasons why gen AI projects fail Data issues are still among the chief reasons why AI projects fall short of expectations, but the advent of generative AI has added a few new twists. By Maria Korolov Oct 04, 2023 9 mins Data Science Machine Learning Artificial Intelligence feature What a quarter century of digital transformation at PayPal looks like Currently processing a volume of payments worth over $1.3 trillion, PayPal has repeatedly staked its claim as a digital success story over the last 25 years. But insiders agree this growth needs to be constantly supported by reliable technological ar By Nuria Cordon Oct 04, 2023 7 mins Payment Systems Digital Transformation Innovation news analysis Skilled IT pay defined by volatility, security, and AI Foote Partners’ Q3 report on IT skills pay trends show AI and security skills were in high demand, and the value of cash-pay premiums was more volatile but their average value across a broad range of IT skills and certifications was slightly do By Peter Sayer Oct 04, 2023 6 mins Certifications Technology Industry IT Skills brandpost Future-Proofing Your Business with Hyperautomation By Veronica Lew Oct 03, 2023 7 mins Robotic Process Automation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe