Jump in SA email ‘whaling’ attacks

2016-01-05 14:02
Post a comment 0
email, technology, communication


Johannesburg - More than half of IT experts surveyed in South Africa, the US, UK and Australia have seen rises in email ‘whaling’ attacks targeted at finance employees.

This is according to research from cloud-based email management company Mimecast which said that 55% of 442 IT experts surveyed had seen an increase in these attacks over the last three months of 2015.

Email whaling attackers typically register a similar sounding or visually similar web domain name to target certain organisations, according to Mimecast.

The attackers then create spoof emails that appear to be sent from an organisation's chief executive officer (CEO) or chief financial officer (CFO) to “trick accounting or finance users into making illegitimate wire transfers to cybercriminals”.  

These cyber attacks - which are also known as Business Email Compromise or BEC - also consist of attackers researching targets on social media sites such as LinkedIn and Twitter to identify victims and the hierarchy around them.

“The barriers to entry for whaling attacks are dangerously low,” said Orlando Scott-Cowley, cyber security strategist at Mimecast in a statement.

“As whaling becomes more successful for cyber criminals, we are likely to see a continued increase in their popularity, as hackers identify these attacks as an effective cash cow,” added Scott-Cowley.

Explaining its research results further, Mimecast found domain-spoofing is the most popular attack type (70%) and top-level domain squatting (e.g. mycompany.biz) is at 16%.

Mimecast’s research further pointed to most whaling attacks pretending to be the CEO (72%) and 35% of these emails posing as the CFO.

Whalers also prefer Gmail accounts (25%) over Yahoo (8%) and Hotmail (8%), said Mimecast.

To curb these attacks, Mimecast suggests that organisations should educate senior management, key staff and finance teams on this specific type of attack, carry out test whaling attacks to assess staff vulnerabilities and consider inbound email stationery that alerts employees when emails originate outside the corporate network.

Mimecast also says that organisations should subscribe to domain name registration alert services to find out when domains are created that closely resemble their corporate domains.

Considering registering all available top-level domains (TLDs) for an organisation and reviewing the finance team’s payment procedures can also help curb this threat, said Mimecast.

“Cyber attackers have gained sophistication, capability and bravado over the recent years, resulting in some complex and well executed attacks. Whaling emails can be more difficult to detect because they don’t contain a hyperlink or malicious attachment, and rely solely on social-engineering to trick their targets,” said Scott-Cowley.

Has your organisation or you been a victim of email 'whaling' attacks? Tell us by clicking here.

Read more about: phishing  |  email  |  cyber attacks