Mimecast warns that companies need to be on the lookout as whaling attacks continue to rise
Cloud-based email management firm Mimecast, Inc. has issued a warning to organizations of an increased prevalence of targeted whaling attacks.
Whaling attacks are a type of phishing attack in which email is sent from a spoofed or similar-sounding domain name so that it appears to come from someone senior in a given company, such as the chief executive officer, usually in an attempt to trick accounting or finance staff into making illegitimate wire transfers to cybercriminals.
This type of attack relies on a significant amount of prior research into the target organization to identify the victim and the organizational hierarchy around them.
According to Mimecast research, 55 percent of organizations have seen an increase in the volume of whaling attacks over the past three months.
Domain-spoofing is said to be the most popular attack type (70 percent) while top-level domain squatting is at 16 percent.
Most whaling attacks involved someone pretending to be the CEO of the targeted company (72 percent), while 35 percent had seen whaling emails attributed to the chief financial officer.
Google is the top choice of whalers, with Gmail being used in 25 percent of attacks, followed by Yahoo Mail and Hotmail at eight percent each.
Social media was the main source of information gathered on targets by whalers, with sites like Facebook, LinkedIn and Twitter providing key details that can be used in these attacks.
“Cyber attackers have gained sophistication, capability and bravado over the recent years, resulting in some complex and well-executed attacks,” Mimecast Cyber Security Strategist Orlando Scott-Cowley said in a statement sent to SiliconANGLE. “Whaling emails can be more difficult to detect because they don’t contain a hyperlink or malicious attachment and rely solely on social-engineering to trick their targets.”
Recommendations
Mimecast recommends that companies educate senior management, key staff and finance teams on this specific type of attack, and then carry out tests within the business to make sure people are aware of the risk these attacks pose.
Companies should also consider inbound email stationery that marks and alerts employees to emails that have originated outside of the corporate network.
Domain name registration alerting services are recommended so that a business is alerted in the event someone registers a domain name that closely resembles their corporate domain, and companies should also consider registering all available Top-Level Domains (TLDs) for their name.
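As an added illustration of the two controls above (external-sender marking and lookalike-domain alerting), the following script is not Mimecast's or SiliconANGLE's code; it classifies an inbound sender domain against an assumed corporate domain (example.com) as internal, a same-name registration on another TLD, a close lookalike, or plain external, and prefixes the subject accordingly. Sample sender domains are constructed for the demonstration.

```python
"""Added example (not from the article): flag inbound sender domains that are
external, squat the corporate name on another TLD, or closely resemble the
corporate domain. All sample domains below are constructed."""
from __future__ import annotations


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via dynamic programming (two rows)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain: str) -> tuple[str, str]:
    """Return (name, tld) from the last two labels, e.g. 'mail.example.com' -> ('example', 'com').
    Simplification: multi-label public suffixes such as co.uk are not handled here."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def classify_sender(sender_domain: str, corporate_domain: str, max_distance: int = 2) -> str:
    """Classify a sender domain relative to the corporate domain (assumed example.com in the demo)."""
    corp_name, corp_tld = split_domain(corporate_domain)
    name, tld = split_domain(sender_domain)
    if (name, tld) == (corp_name, corp_tld):
        return "internal"
    if name == corp_name:
        return "tld-squat"  # same registrable name on a different top-level domain
    if edit_distance(name, corp_name) <= max_distance:
        return "lookalike"  # e.g. a transposed, dropped or substituted character
    return "external"


def tag_subject(subject: str, sender_domain: str, corporate_domain: str) -> str:
    """Prepend the kind of banner the article's 'inbound email stationery' describes."""
    verdict = classify_sender(sender_domain, corporate_domain)
    if verdict == "internal":
        return subject
    return f"[{verdict.upper()}] {subject}"


if __name__ == "__main__":
    # Constructed sample senders checked against the assumed corporate domain example.com.
    for sender in ["mail.example.com", "example.net", "examp1e.com", "exmaple.com", "gmail.com"]:
        print(sender, "->", tag_subject("Urgent wire request", sender, "example.com"))
```

The distance threshold and the two-label domain split are deliberate simplifications; a production filter would use a public-suffix list and homoglyph-aware comparison.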
“The barriers to entry for whaling attacks are dangerously low. As whaling becomes more successful for cybercriminals, we are likely to see a continued increase in their popularity, as hackers identify these attacks as an effective cash cow,” Scott-Cowley added.
Image credit: docentjoyce/Flickr/CC by 2.0