Contact Us




Change Locale

Whaling is getting worse. Here’s how you can stop it

Innovation Executive Forum | Posted on September 15, 2016

With over $3 billion in damages over three years, not only are whaling attacks on the rise — they are evolving in new and nefarious ways to do more damage to your enterprise.

This is the warning coming from the Federal Bureau of Investigation (FBI) in a new public service announcement released this summer.

In the report, the FBI revealed whaling attacks — also known as business email compromise, or CEO fraud — have increased by 1300 percent since January 2015.

Traditionally, whaling attacks involve posing as C-level executives in an email to trick finance teams to make payments to cyber criminals. But, based on complaints received and statistical data, the Bureau said the attacks have evolved to thwart ever-wiser financial teams, targeting other departments with valuable data, such as human resources, sales and R&D.

According to the same report, more than $3 billion in losses with over 22,000 cases have been accounted since as early as 2013. Worse, even if you wanted to insure against such an attack, insurance companies are increasingly hesitant to do so. How do they attach a dollar figure to your precious data? That’s why.

Softchoice spoke with experts at Mimecast, an email security provider, to see just what organizations can do to fend of these cyber whalers. Here’s what we learned:

3 ways to prevent whaling in the enterprise

Understand your current state:
You can’t do anything unless you “know thyself.” Mimecast told us the best way to begin is by conducting a review of which employees have access to valuable IP and data across the organization. You should also review your existing data protection procedures and consider revising how data transfers to external third parties are authorized.

As is the case with so many security threats, your people might be the weakest link. To fend off the “human error” syndrome, think top-down. Educate senior management, key staff and employees on this specific type of attack – make sure everyone knows how it works and is extra vigilant. You can find details of different whaling tactics, and what characteristics to look out for at the end of the FBI warning, here.

Lastly, you need to consider what tools you can use to automate and enhance your email protection capabilities. Our friends at Mimecast suggest the following:

  • Update data loss prevention (DLP) keywords to identify and halt unwarranted data transfers.
  • Consider inbound email stationery that marks and alerts employees to emails that have originated outside of the corporate network.
  • Subscribe to domain name registration alerting services so you are alerted when domains are created that closely resemble your corporate domain.
  • Look into solutions specifically designed to extend email security to guard against targeted threats in email, including whaling attacks.

If you’re looking for a good solution under that last category, Mimecast does offer one, called Impersonation Protect, a service designed specifically to stop whaling and CEO fraud.

Have more questions? Contact your Softchoice representative today to see how we can help protect you against email attacks like this.

Related Articles

  An Interview with Softchoice’s SVP of IT, Jeff Reis When Canada’s most valuable public company Shopify announced it was going “digital by default,” it was a clear sign that the brick-and-mortar office era was forever changed. “We cannot go back to the way things were. This isn’t a choice. This is the future,” tweeted […]

Each year, Softchoice hosts the Innovation Executive Forum, meeting with hundreds of CIOs and senior IT leaders at exclusive events across North America. We capture the best insights in an annual report to share what our IEF members have on their minds and what they’ve learned. Before we get into this year’s report, we wanted […]

The unanticipated changes forced by the global health crisis haven’t been easy for any organization. As an initial response to the situation, many IT leaders and executives had to shift their workforce to all-remote work, whether they were ready or not. Now, many are looking ahead to new challenges as their organizations work to stabilize […]