Several hackers are impersonating high-level executives in the shipping industry to launch ‘whaling attacks’, which aim to steal credentials or even compromise systems. They use social engineering to target various types of employees.
Whaling attacks are not new, but they are growing, with the FBI noting that these attacks resulted in losses of more than $12.5 billion during 2018.
Specifically, scammers use social engineering to pose as high-level executives and trick victims into actions such as opening malware attachments or transferring payments to suspicious accounts.
To do that, they first collect a large amount of publicly available information about their targets, such as data from social-media pages and personal facts. Then, in a common scenario, they send e-mails to the victims saying that a supplier’s bank details have changed for the next payment run to that supplier. To make the e-mail more credible, they use the correct logo and name so that the victim recognizes it. However, this is a scam and the money is gone.
What is more, the hacker pretends to be the CEO or a high-ranking executive, using information gathered online about the victim. The scammers wait until the person they are impersonating posts that they are going on vacation or will be on a long flight, and then send an e-mail to someone in the finance team, asking them to make an urgent payment. Attempts to validate the request often fail because that person is on a long flight, so the payment is made.
However, there are ways to prevent these attacks. According to Gard Club and DNV GL, keeping uninvited people out of the system, increasing awareness, physically protecting machines and segregating networks are all standard and effective ways to improve cyber-security.
Of course, as preventing an attack will not always be possible, the two parties advise operators to always follow the company’s procedures and report the incident, and never to pay the ransom if one is demanded.
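
The two scenarios described above (a notice that a supplier’s bank details have changed, and an urgent payment request sent in an executive’s name) can be screened for before they reach the finance team. The following is an added example, not from Gard Club or DNV GL; the company domain, executive names, phrase patterns and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: company domain, executive names, phrases.
COMPANY_DOMAIN = "example-shipping.test"
EXECUTIVES = {"jane doe", "john smith"}
PAYMENT_PATTERNS = [
    re.compile(r"bank (details|account)\b.*\b(changed|updated)\b", re.I | re.S),
    re.compile(r"\burgent\b.*\b(payment|transfer)\b", re.I | re.S),
]
# Constructed sample messages (not real mail).
CEO_FRAUD = """\
From: "Jane Doe" <jane.doe@mail-example.test>
Subject: Urgent payment

I am boarding a long flight. Please make an urgent payment today.
"""
SUPPLIER_CHANGE = """\
From: "Supplier Accounts" <accounts@supplier-example.test>
Reply-To: payments@other-example.test
Subject: Updated remittance information

Please note our bank details have changed for the next payment run.
"""
LEGIT = """\
From: "Jane Doe" <jane.doe@example-shipping.test>
Subject: Crew rota

Rota attached for next week.
"""

def screen(raw: str) -> list[str]:
    """Return reasons to hold a message for out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # An executive's name on an address outside the company domain.
    if domain != COMPANY_DOMAIN and name.strip().lower() in EXECUTIVES:
        reasons.append("executive display name on external address")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    payload = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{payload if isinstance(payload, str) else ''}"
    if any(p.search(text) for p in PAYMENT_PATTERNS):
        reasons.append("payment or bank-detail change request")
    return reasons
```

A message that returns any reason should be confirmed through a channel other than e-mail before a payment or a change of bank details is processed.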