Recently, I was fortunate enough to have avoided a second attempt at ‘whaling’ and on further research found that this method of attack is becoming more and more popular with cyber criminals. Whaling is often referred to as CEO impersonation fraud and it takes place when a scam email purporting to be from the Chief Executive Officer, Managing Director or another senior figure in an organisation is sent to the finance team, or another senior figure. The email requests that a payment be made to a third party, or to the senior figure themselves. It is known as ‘whaling’ because it targets one of the ‘big fish’ in an organisation as opposed to phishing, which targets a large number of smaller ones.
Whilst tell-tale signs alerted me to the fact I was being targeted, other small and large organisations alike have been targeted…and fallen for the scam.
There have been a few high-profile scams, but the small business sector is increasingly being targeted. There are steps you can take to ensure that you are not caught out by scams like this:
- Be on your guard for payment requests that are unexpected or irregular, whatever the amount involved.
- Always check with the person you believe sent the email, however senior or busy, that it is from them. If they are not available and the email has requested urgency, check with one of their senior colleagues.
- Do not do this by email in case their account has been hacked. Instead, make a phone call, ask in person or use some other trusted communication method.
- If in any doubt, do not make the payment, however urgent it may seem or whatever the suggested outcome(s).
If you have any further queries on whaling or phishing, please feel free to get in touch and we will assist you however we can.