Whale Phishing and how to protect yourself from it

Whale phishing is a phishing scam attack that targets the ‘big fish’ in an organisation; the senior executives and other people with access to highly valuable or sensitive information. The scam lures them to share valuable information or transfer funds into an account managed by the cybercriminal.

Cybercriminals use spymail to gather important information about their ‘big fish’ before they attack. The spymail contains tracking codes that return information to the sender. The person under attack has no idea the information is being collected.

While spam filters and email antivirus have been standard since the late 1990s, they won’t necessarily protect you from a whale-phishing scheme. What you need is an advanced technology solution coupled with cybersecurity policies and training.


Provide special training for people at risk.

It’s important to provide all staff with email security training. However, senior executives and other people with access to highly valuable information require additional special training. This will help them to identify a malicious email and verify the sender. It will also raise awareness of their exposure to risk.


One level of security is never enough.

Cybercriminals are sophisticated. In order to combat them, you need sophisticated multi-layer security systems. Senior executives may unintentionally let their guard down when travelling or accessing emails at home after a long day. Your security solutions need to reach outside the office and nine to five setting.


Revisit your fund transfer procedures.

Many whale-phishing scam attacks are centred on the senior executive transferring funds, so it’s time you revisited your fund transfer procedures. As a minimum, establish a process that requires all transfers to be processed through a secure portal with two-factor authentication.


Implement anti-spymail protection.

Anti-spymail solutions can limit the amount of information an attacker can collect, making it difficult for a cybercriminal to perfectly time a credible attack.


Stay flexible.

Cybercriminals are changing their approach daily. For this reason, your approach to cybersecurity, and your policies needs to remain flexible. Stay alert and be prepared to make a change at any time.

Your best bet against Whale Phishing

While being vigilant and taking our tips to prevent “Whale Phishing” will go a long way in your personal security you can take it a step further and get expert IT help. Multi IT & Telephony Solutions have over 30 years experience in the IT industry with industry leading support. Contact us now for your Free IT Audit

Leave a Reply

Your email address will not be published. Required fields are marked *