Even companies like Snapchat and Seagate have fallen prey to whaling and phishing attacks that steal thousands of proprietary company data records. Is your enterprise company next?
Phishing attacks on companies have been around for as long as email has been a primary mode of business communications. And while cyber attacks have gotten more and more sophisticated, phishing attacks still haven't gone away. In fact, a 2016 Verizon Data Breach Investigations Report found that a vast majority of company data breaches are still caused by phishing attacks - with a growing concern over whaling phishing attacks.
What is a whaling phishing attack?
A whaling attack is very similar to a regular phishing attack in that it relies on cyber criminals sending fraudulent emails in order to obtain personal credentials and sensitive information, such as bank account information, company login credentials, and credit card info. The difference with whaling is that these emails are targeted at high-level company individuals, such as the C-suite and VP level positions, in order to gain access to higher-level company data. Also, whaling attacks are much more methodical and targeted to an individual user, taking into account their positions, vendor relationships, and other targeted information that can be found online in order to trick the person receiving the email into believing that it's from a legitimate source.
Whaling and phishing attacks might seem outdated in a world where highly sophisticated cyber attacks happen fairly regularly. However, human error is still one of the biggest threats for enterprise companies, and whaling attacks take advantage of the knowledge that most people have a hard time discerning between real and fake emails.
Is Whaling and Phishing Still a Major Threat?
If you thought that whaling phishing attacks weren't still a major concern, consider this statistic from the same Verizon Data Breach report: last year, 30% of all phishing emails were opened by the target recipient. In addition, a full 10% of phishing attacks result in a data breach. And it's not just lesser known companies that are falling prey to these types of scams. Over the last few years, whaling and phishing scams have been successfully targeted at places like Snapchat, where payroll data for over 700 employees was compromised because an employee received a fake email made to look like it was from the CEO, Evan Spiegel. Enterprise technology company, Seagate, lost 10,000 W-2 tax forms in a targeted whaling attack. And Austrian aircraft manufacturer, FACC, ended up losing 50 million euros in a well-targeted whaling attack.
Fighting back against whaling and phishing attacks isn't easy, as it relies heavily on educating employees on how to identify a fraudulent email and what to do if they encounter one. But, with more cyber criminals turning towards whaling to get access to sensitive company data and systems, it's never been more important to implement stronger controls and educate all employees on how to spot and respond to phishing email scams.