If you work in the accounting department of your organisation, you need to be especially security conscious, because cybercriminals are now targeting accounts department staff. Whaling attacks are on the rise, and attackers are using domain spoofing techniques to trick end users into making bank transfers from corporate accounts. Once money has been sent to an account the attacker controls, there is a strong probability that the funds will not be recoverable.
Whaling is a form of phishing in which specific individuals are targeted and far fewer emails are sent than in a conventional phishing campaign. Cybercriminals invest a great deal of time and effort in researching their targets before launching the attack.
The aim is to gather intelligence on a person who is authorised to make bank transfers from company accounts. Such individuals are usually identified and researched through social media sites such as Twitter, LinkedIn and Facebook.
Once a target has been identified and the name and email address of their boss, CFO or CEO has been found, the target is sent an email asking for a bank transfer to be made. The email is well written, conveys a pressing need for the transfer to be completed, and supplies full payment details. It also gives a believable explanation of why the transfer must be made. The email appears to have been sent by senior management.
In most cases the transfer request will not follow standard company procedures, because the attackers do not know what those procedures are. However, since the email appears to come from a senior figure in the company, some accounts department staff will not question the request. They will do as they are asked, either out of fear of the individual in question or in an effort to show willingness to do what their superiors require of them.
Unfortunately for IT security professionals, whaling emails are difficult to identify without an advanced spam filtering solution in place. There are no attachments and no malicious links, just a set of instructions. The attack relies purely on social engineering to trick the recipient into completing the transfer.
Whaling attacks are often successful because recipients are fooled by a technique called domain spoofing. Domain spoofing involves registering a domain that is very similar to the company's own and sending from an account on that domain. Provided the attacker reproduces the company's email address format and has the name of a senior executive, at first glance the sender address will appear to be correct.
However, a closer look will show that one character in the domain name is different. Typically an i is replaced with an L or a 1, an o with a zero, or a Cyrillic letter is used that renders identically to its Latin counterpart (such a domain is an internationalised domain name, stored and transmitted in punycode form, so a raw address containing an `xn--` label is itself a warning sign). Unless the recipient examines the address character by character, they are unlikely to notice the small difference.
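The following script is an added example, not code from the original article: it implements the sender-domain check described above as a mail gateway or triage script might. It assumes a legitimate domain of `example-corp.com` and uses a small hand-built confusables table and a similarity threshold of 0.85 (both assumed tuning choices). It goes slightly beyond the swaps listed above by also collapsing "rn" to "m", "vv" to "w", and a handful of Cyrillic and Greek look-alikes, and by decoding punycode labels before comparing.

```python
"""Look-alike sender-domain check for whaling/BEC triage (added example)."""
import unicodedata
from difflib import SequenceMatcher
from email.utils import parseaddr

# Legitimate corporate sending domain. Assumed value for this example.
LEGIT_DOMAIN = "example-corp.com"

# Single-character confusables mapped to a Latin "skeleton" form. This is a
# deliberately small table covering the swaps discussed above (i/l/1, o/0) and
# a few Cyrillic and Greek letters that render like Latin ones; a production
# filter would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "1": "l", "i": "l", "|": "l", "0": "o",
    # Cyrillic
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y",
    "і": "l", "ѕ": "s", "ј": "j",
    # Greek
    "α": "a", "ο": "o", "ν": "v", "ρ": "p", "τ": "t",
}
# Character pairs that look like a single letter in most fonts.
PAIR_CONFUSABLES = [("rn", "m"), ("vv", "w")]

SUSPICIOUS_RATIO = 0.85  # assumed similarity threshold for "near miss" domains


def skeleton(domain: str) -> str:
    """Reduce a domain to a canonical form in which look-alikes collide."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    for pair, single in PAIR_CONFUSABLES:
        text = text.replace(pair, single)
    return text


def sender_domain(header_from: str) -> str:
    """Extract the domain from a From: header value, decoding punycode labels."""
    _, addr = parseaddr(header_from)
    domain = addr.rsplit("@", 1)[-1].strip().rstrip(".").lower()
    if "xn--" in domain:
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode: keep the raw label; it will not match
    return domain


def classify_sender(header_from: str, legit: str = LEGIT_DOMAIN) -> str:
    """Return one of: exact, homoglyph, lookalike, suspicious, unrelated."""
    domain = sender_domain(header_from)
    if domain == legit:
        return "exact"
    if skeleton(domain) == skeleton(legit):
        # Any non-ASCII character means a Unicode/IDN homoglyph was used.
        return "homoglyph" if not domain.isascii() else "lookalike"
    if SequenceMatcher(None, domain, legit).ratio() >= SUSPICIOUS_RATIO:
        return "suspicious"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample From: headers for demonstration, not real messages.
    samples = [
        "CFO <cfo@example-corp.com>",
        "CFO <cfo@examp1e-corp.com>",
        "CFO <cfo@exarnple-corp.com>",
        "CFO <cfo@еxample-corp.com>",  # first letter is Cyrillic е
        "CFO <cfo@example-corp.co>",
        "CFO <cfo@gmail.com>",
    ]
    for sample in samples:
        print(f"{classify_sender(sample):10s} {sample}")
```

Anything classified as `homoglyph` or `lookalike` should be quarantined outright; `suspicious` is a reasonable trigger for a visible banner and mandatory out-of-band verification of any payment instruction.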
To minimise the risk of accounts department staff being fooled by whaling attacks, anti-spam solutions should be put in place and configured to block or flag emails from domains that closely resemble the company's own. Note that SPF, DKIM and DMARC only prevent forgery of the company's own domain; they do nothing against a look-alike domain the attacker has registered and controls, so a similarity check is still required. Employees must also be told never to act on a transfer request that arrives by email without first confirming with the purported sender that it is genuine, using a separate channel such as a phone call to a known number rather than replying to the email, and to always check the sender's email address character by character.