Corporate World Honchos Targeted By 'Whaling' Threats

Whaling or "spear phishing" is the newest threat from phishers aiming senior executives of the business world. It means phishing frauds are attacking the affluent. Whaling frauds try to deceive people into believing that a spam message received by them is authentic, making them disclose their personal data, as reported by FT on September 8, 2008.

This marks an improvement over earlier phishing techniques where messages were sent indiscriminately. This is a more targeted method in which users are selected as per their position and affluence.

Whaling scams use social engineering methods and include private data to deceive people into believing that the e-mail is authentic. The rise and fame of the collaborative Web 2.0 Websites where people can share and interact (Facebook enrolls 250,000 members daily) has altered the threat situation and security techniques adopted by companies. More sophisticated technologies and tools are being released every year, leaving Internet users irritated and at greater risk.

Furthermore, this modified and improved phishing version selectively transmits e-mails to just high ranking and affluent executives. Cyber criminals not only secure the user's private e-mail ID but also many other details like official designation, phone numbers and lists of other business contacts. Phishers also attempt to hijack their victims' computers to retrieve passwords and private company data.

Over 95% of the whaling attacks are supposedly perpetrated by just two autonomous cyber criminal gangs: one group embeds a Browser Helper Object and the second one attachs a keylogger, which acts as a deterrent between end user and security measures. Lately, several whaling frauds appeared so authentic that the cited sender companies had a tough time repudiating them and have advised people not to respond to such dubious e-mails.

As per a new report by iDefense Labs, there were around 66 whaling attacks in the US in the period spanning from February 2007 to June 2008, and these attacks were mounting progressively. The report further reveals that in the last 15 months, whaling groups have targeted over 15,000 business executives who lost above $100,000. The phishers targeted Fortune 500 firms, financial organizations, federal agencies and law firms.

Related article: Corporate End Users Disdainful to IT Security

» SPAMfighter News - 9/19/2008