Phishing gets bigger: Whaling Attacks

by Ka Edong on May 28, 2008

Teach a man to Phish and he’ll probably get smarter and start to Whale! 🙂
Funny how they come up with terms like these.
From Wikipedia, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
Whaling, as you could imagine, is Phishing on a larger scale.

Here’s an article about Whaling which I got through my e-mail.

Whaling Attacks

Criminals are targeting executives and wealthy end users in phishing scams known as whaling attacks. The fake e-mail messages are more convincing than ever before. The message has a sense of urgency and a link for the victim to click now to take action. This combination makes it easy for even the tech-savviest end user to click the link.

The links lead to a virus that is downloaded onto the user's computer and steals his or her sensitive information. Since the victim is usually an authority within the organization, this can be especially damaging to the organization, clients, the victim and co-workers.

In June 2007, MessageLabs stopped more than 500 e-mail messages that contained an attachment from a reputable company. The download actually contained an .exe file that, when opened, collected sensitive data from the recipient’s computer. Each e-mail was addressed to the recipient and included his or her name and job title, which made the scam message look reputable. The criminals had collected this personal information through social networking sites by targeting senior executives, or their friends and family. The criminals hoped to hack into the family computer in order to obtain the senior executive’s work information.

Be careful what you click!
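A mail-triage check for the three traits the article describes (urgent wording with a link, personal details of the recipient, and an executable hidden in an attachment), as an added example that is not part of the original post or the quoted article. The urgency word list, the function names, the recipient details and the sample message are all constructed assumptions.

```python
import io
import re
import zipfile
from email.message import EmailMessage

# Assumed wording list; tune it to your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|act now|final notice|within 24 hours)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def executable_attachments(msg):
    """Names of attachments that are, or contain, Windows executables (MZ header)."""
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":                      # judge by content, not by file extension
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":            # zip archive: inspect each member
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if info.flag_bits & 0x1:   # encrypted member cannot be inspected
                            hits.append(f"{name}!{info.filename} (encrypted)")
                        elif zf.open(info).read(2) == b"MZ":
                            hits.append(f"{name}!{info.filename}")
            except zipfile.BadZipFile:
                hits.append(f"{name} (unreadable archive)")
    return hits

def triage(msg, recipient_name, job_title):
    """Report which of the three whaling traits a parsed message shows."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    return {
        "urgent_link": bool(URGENCY.search(text) and LINK.search(text)),
        "personalised": recipient_name.lower() in text and job_title.lower() in text,
        "executables": executable_attachments(msg),
    }

def sample_message():
    """Constructed sample: harmless bytes that only begin with the MZ magic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("complaint_details.doc.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["Subject"] = "URGENT: complaint filed against your company"
    msg.set_content("Dear Jane Doe, Chief Financial Officer,\n"
                    "Review the case immediately: http://portal.example/case\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="complaint.zip")
    return msg
```

Calling `triage(sample_message(), "Jane Doe", "Chief Financial Officer")` reports all three traits; a message that shows them together is a candidate for quarantine and manual review rather than delivery.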

