Going after the big fish…

Here at 5C we’re constantly battling the forces of unwanted spam, malware and virus attacks.

We ensure that the latest in hardware and software protection is in place for our customers but the ‘bad guys’ on the other side are working just as hard to break through that protection to obtain highly sensitive data.

Instances of popular attacks lately have been ‘Whaling’ scams. This is where an employee will receive an email from (supposedly) the boss, executive or higher management, urgently requesting that they deposit some money into a ‘customer’s account’ or simply request sensitive data e.g. Payroll details, banking information etc. The urgency of the message, along with the fact that it appears to be coming from the boss could easily make an employee fall for it.

Here is a commonly used example:

whaling letter example

There are various ways of defending yourself against these kind of attacks and we feel the best form of protection is education. Ensure that you’ve educated your senior management, key staff, and financial department of these kind of attacks and ensure that before you release any sensitive data that you have spoken to the recipient beforehand.

If you’re unsure or require further information, please don’t hesitate to contact our engineers AND REMEMBER, it can happen to anyone.

Here are just two real-world examples:

  • At Snapchat, the payroll department received a whaling email pretending to be sent from the CEO asking for employee payroll information.
  • At Mattel, a high-ranking financial executive received an email from a scammer impersonating the newly appointed CEO requesting a $3 million money transfer.

Both whaling attacks succeeded.


About the author: