From Phishing to Whaling: Recognizing and Avoiding Identity Theft

In the past, identity theft was a common subject in blockbusters or police drama TV series. Nowadays, identity theft is a reality that might hit anyone using the Internet.

 

As a matter of fact, identity theft takes several shapes, and phishing is only one of them. Since phishing has been with us for a while, it is harder and harder for cyber criminals to catch us and our sensitive data just by adding malicious links or similar tricks.

 

In other words, phishing has naturally completed its run. As a result, just when we all believed that solutions against phishing scams were within our grasp, along comes a new form of identity theft.

 

In fact, phishing has evolved into a new shape: one that includes emails, instant messages, phone calls, and fax messages… but those of the big, big fish in companies.

 

As you can see, new identity theft scams exploit social engineering approaches. This is how cyber crime remains high, and it is the reason why CIOs need to improve their cyber security practices to protect companies against zero-day attacks.

 

From Phishing to Whaling: The natural evolution in identity theft

 

What’s whaling?

 

According to Sharon Shea for TechTarget:

 

Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.

As with any phishing endeavor, the goal of whaling is to trick someone into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. The attacker may send his target an email that appears as if it’s from a trusted source or lure the target to a website that has been created especially for the attack. Whaling emails and websites are highly customized and personalized, often incorporating the target’s name, job title or other relevant information gleaned from a variety of sources.

 

This is the reason why whaling has become a huge problem for enterprises in recent years.

 

As a matter of fact, companies have reported losses of more than $2.3 billion due to whaling since January of 2015. And the number of victims continues to grow each year.

 


But how does Whaling actually work?

 

Unlike ‘traditional’ phishing scams, whaling is pure social engineering that hackers use to target relationships among employees. Cyber criminals use compromised email accounts through fake domains that may look exactly like the real ones, with subtle changes that are almost imperceptible. That’s why it’s pretty hard to detect the scam.

 

Then, the hackers ask the recipient to take some sort of action, for instance asking an employee to move money from one account to another.

 

In most cases, hackers copy the language and phrasing that usually come from finance staff such as the CFO, managers, or even the CEO. As real people write these emails, filters do not identify the content as spam.

 

Another trait of whaling is the absence of links or attachments. The attackers even reproduce the original disclaimers, design, and text layout. That’s why this type of attack has victimized enterprises from across the globe.

 

Avoiding Whaling identity theft

 

Although whaling attacks might be hard to pick up with basic spam filtering technologies, there are ways to catch them.

 

CIOs need to incorporate solutions that make it easier for IT departments to inspect email headers in depth, and help spread the word so that staff can identify possible signs in internal communications.
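
The header inspection described above, and the look-alike domains mentioned earlier, can be illustrated with the following Python example. It is added here and is not from the original article or any product it mentions; the trusted domain, the executive names, the edit-distance threshold of 2 and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}          # assumption: the organization's own domain(s)
EXECUTIVES = {"jane doe", "john smith"}    # assumption: names attackers might impersonate

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def whaling_signs(raw_message):
    """Return a list of header-based warning signs for one message."""
    msg = message_from_string(raw_message)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    signs = []
    if from_dom not in TRUSTED_DOMAINS:
        # A sender domain one or two edits away from a trusted one is a look-alike.
        if any(0 < edit_distance(from_dom, t) <= 2 for t in TRUSTED_DOMAINS):
            signs.append("lookalike-domain")
        # An executive's display name on an outside address suggests impersonation.
        if name in EXECUTIVES:
            signs.append("executive-name-external-sender")
    # Replies silently routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        signs.append("reply-to-mismatch")
    return signs

# Constructed sample messages (not real traffic).
SPOOFED = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-example.net
Subject: Urgent wire transfer

Please move the funds today.
"""
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Quarterly report\n\nAttached.\n"

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, whaling_signs(raw))
```

None of these checks looks at links or attachments, which matters because whaling messages usually carry neither.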

 

For instance, the best tools against phishing and whaling are those that rely on vulnerability management and analytics, which allow companies to have a comprehensive view of their security status. Among them, Trend Micro Enterprise Security is probably the most complete tool you can count on to protect your sensitive data against whaling.

 

Check here what Trend Micro Enterprise Security has for you, and see why thousands of organizations around the world prefer it to fend off cyber criminals.

 

Avoid becoming a victim of identity theft. Think ahead and prevent whaling from reaching your sensitive data with Trend Micro Enterprise Security. Take a look at our Premium Service Packages.
