Whaling, business email compromise (BEC) and CEO fraud are different names for the same type of phishing attack, which usually exploits the influence senior executives have over lower-level staff to get them to wire money to a fraudulent bank account or to forward confidential data. The most targeted executives are those in the HR or finance departments because they have access to what fraudsters are looking for: money, and financial and sensitive information.
Every organisation can be a target
Action Fraud recently warned medical practices of an increased volume of attacks targeting them. In this case, the fraud begins with an email that purports to come from the CEO, followed by a phone call, and sometimes introduces someone posing as a lawyer or regulator to complete the scam.
Any company can be a target, from the small fish to the global corporation. Last year, big players like Snapchat, Mattel, and cable manufacturer Leoni AG were hit by whaling attacks that cost them negative publicity as well as money (Leoni AG lost €40 million).
Your security depends on your staff’s awareness of phishing attacks
Nowadays, many organisations understand the necessity of staff awareness programmes as a method to reduce the risk of phishing attacks. For instance, Barclays recently launched a video campaign to raise its staff’s awareness of whaling attacks. You can implement the Test-Educate-Assess approach to identify your staff’s vulnerability to phishing scams.
- Step 1: Test your staff with the Simulated Phishing Attack to identify the most susceptible targets.
- Step 2: Educate your whole staff to be more vigilant and better able to detect phishing scams with the Phishing Staff Awareness e-learning.
- Step 3: Assess any improvement with a second run of the phishing simulation.