Never mind phishing: look out for whalers

“WHALING” — cyberattacks targeting organisation heads — is on the rise.

A typical whaler will masquerade as a senior executive of a company and ask employees to send urgent payments, or share sensitive information.

The UK Cyber Security Breaches Survey 2022 found impersonation attempts were the second-most common type of breach after phishing. Attacks are becoming more frequent and more sophisticated, says Anthony Green, CTO of cybersecurity firm FoxTech.

While phishing emails are often indiscriminate and unresearched — making them easier to spot — whaling attacks can be personalised, and convincing. Hackers carefully gather information, studying the language and communication style of their target and finding out which employees regularly respond to requests from that person “and wouldn’t be surprised to receive an urgent communication”.

Hackers include company graphics and email addresses that appear real at first glance. Look out for added or removed full stops that do not follow the company norm, such as [email protected] instead of [email protected]. Another tactic is using “r” and “n” together to look like an “m”: [email protected] becomes [email protected].
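As an added example that is not from the article or from FoxTech, the check below canonicalises a sender address the way the tricks above work, collapsing full stops and the "rn"-for-"m" substitution, so that a lookalike address collides with a known executive address and can be flagged before anyone acts on it. The company domain, the known executive address and the confusable pairs beyond "rn" are assumptions constructed for this example.

```python
from email.utils import parseaddr

# Constructed for this example: the organisation's real domain and one known executive address.
COMPANY_DOMAIN = "example.com"
KNOWN_SENDERS = {"jane.doe@example.com"}

# "rn" for "m" is the substitution the article describes; the other pairs are
# common confusables added here as an assumption, not taken from the article.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def canonical(text: str) -> str:
    """Collapse the tricks so a lookalike string becomes identical to the original."""
    text = text.lower()
    for look, real in CONFUSABLES:
        text = text.replace(look, real)
    # Added or removed full stops ("ex.ample.com", "janedoe") collapse to one form.
    return text.replace(".", "")


def classify_sender(header_value: str) -> str:
    """Classify a From: header as known, lookalike-domain, lookalike-local, internal or external."""
    _display_name, addr = parseaddr(header_value)
    addr = addr.strip().lower()
    if addr in KNOWN_SENDERS:
        return "known"
    local, _, domain = addr.partition("@")
    # A domain that is not ours but collides with ours once canonicalised: a registered lookalike.
    if domain != COMPANY_DOMAIN and canonical(domain) == canonical(COMPANY_DOMAIN):
        return "lookalike-domain"
    # The executive's name (dots shuffled or not) on any address other than the exact known one.
    for known in KNOWN_SENDERS:
        known_local = known.partition("@")[0]
        if canonical(local) == canonical(known_local):
            return "lookalike-local"
    return "internal" if domain == COMPANY_DOMAIN else "external"
```

Anything classified as a lookalike is a candidate for quarantine or a banner, not proof of fraud; a genuine name collision on an unrelated domain will also trigger it.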

Hackers may claim to be a senior executive over text, WhatsApp, or Slack. Be alert to messages from unknown numbers, and excuses such as a lost phone or deleted account.

Also suspicious are excuses for not being able to speak on the phone: a lost signal, or being in a meeting. Whaling attacks will often include “updated payment instructions” — and hackers who have done their research may know a genuine payment is due.

Green says installing two-factor authentication and DMARC (an anti-spoofing email protocol that stops the unauthorised use of an email domain) can help.

If a whaling email does get through, employees are the first line of defence. The National Cyber Security Centre (NCSC) has a guide on how to deal with the threat.