Delving into CEO Scams or Whaling Attacks: How to Identify and Avoid These Targeted Phishing Scams

According to CERT IN reports, the number of phishing incidents has been on the rise in India, wherein 2022 saw a 230% increase in phishing attacks. These attacks had grown threefold in 2022 compared to the year prior, from 523 recorded in 2021 to 1,714 in 2022. 

In September, last year, an official from the Serum Institute of India (SII), a leading pharmaceutical company, fell victim to a sophisticated phishing attack known as whale phishing. The perpetrators, posing as the company's CEO, Adar Poonawalla, contacted the official via WhatsApp and instructed them to transfer a significant sum of money, over Rs 1 crore, to several bank accounts. Believing the message to be authentic, the official proceeded to execute the fraudulent transactions, unknowingly transferring the funds into the hands of the cybercriminals. Upon realizing the scam, the company promptly alerted the Pune police and filed a complaint.

In a landscape of evolving cyber threats, phishing attacks continue to cause devastating consequences for organizations around the world. Although it’s well known that 91% of cyber attacks stem from phishing, why do companies still fall victim to it?

Hackers are becoming more intelligent and are crafting new ways to deliver their phishing payloads. There’s one variation in particular that’s more dangerous than the rest. Enter a more sinister and targeted version of phishing that flies under the radar – the whaling attack.

A whaling attack: Explained

Whaling attacks, also known as “whale phishing,” take their name from the concept of “fishing for whales.” In this example, a “whale” refers to a high-profile target within a company, such as a CEO, CFO or other top-level executive. In contrast with a generic phishing attack, which casts a wide net and is less targeted, whaling attacks are highly focused and personalized. As a result, they often yield a higher success rate than other types of attacks.

Common objectives of whaling attacks include tricking the victim into giving up personal details or sending large sums of money.

Characteristics of a whaling attack

In a whaling attack, there are several characteristics which distinguish it from a general phishing attack. These include:

1. Targeted victims: Hackers carefully research their targets. They scour the web for information on where the targets live, what their social media profiles look like, and other sensitive information that only a close confidant may know.
2. Personalization: Threat actors use sensitive information that they’ve gathered to craft convincing, tailored emails, text messages, or phone calls. In some cases, threat actors will use deepfakes – software that enables them to fake the voice or even video of the target – to convince a decision-maker to hand over sensitive information or wire millions of dollars.
3. Spoofing: Attackers employ advanced techniques to spoof email addresses and domains, making it appear as thought the email is coming from a trusted source within the company.
4. Deceptive content: Whaling emails often contain psychological triggers, such as fake urgent requests for wire transfers, requests for access to confidential data, or other requests for high-impact actions. Threat actors use social engineering to trick their targets into falling for these tactics.

Prevent whaling attacks

If you want to defend against whaling attack, you’ll need a combination of technical and people-focused strategies. These include:

1. Employee training. Ensure that employees of all levels at the company undergo cyber security awareness training to ensure that they know about phishing attacks, whaling attacks and other threats.
2. Multi-factor Authentication (MFA). Implement MFA to add an extra layer of security in order to protect against email phishing threats.
3. Email authentication. Implement email authentication protocols like DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent email spoofing and improve the security of your email communication.
4. Email filtering. Utilize advanced email filtering solutions to identify and quarantine any potential phishing or whaling threat. This feature can analyze email content, sender reputation, and other indicators of a whaling attack.
5. Verification procedures. Establish strict verification processes for high-value transactions or requests. For example, employees should confirm requests such as wire transfers with the purported through an alternative communication channel.

Whaling attacks are a sophisticated and highly targeted form of phishing that poses a significant threat to organizations, especially since they target high-profile employees. By understanding what whaling attacks look like and implementing preventive measures, companies can reduce the risk of falling victim to these scams.

What email security solution should you use?

To prevent whaling attacks, implement an email security solution that can identify and block these threats before they are delivered to employees’ inboxes.

By Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies