Australian business leads should be wary of whaling scams: Mimecast

According to Mimecast, phishing scams have progressed into targeted attacks, leaving C-level executives and business leads vulnerable to whaling attacks.
Written by Asha Barbaschow, Contributor

Cybercriminals are commonly using email as an entry point to steal confidential data and dupe employees into making fraudulent payments, according to security firm Mimecast.

Ben Adamson, APAC technology lead at Mimecast, said that this kind of fraudulent money-extraction technique is known as a whaling attack.

Like a phishing attack, a whaling attack relies on the recipient of the malicious content acting on it. What makes it different, however, is that a whaling attack is targeted: it focuses on a high-profile individual, typically someone who has the authority to move money, or to direct others to move it.

"It's a funny terminology. Even once you get from phishing to spear phishing and then from there to whaling, it is an odd progression," Adamson said.

"Whaling has been very difficult for people -- because that particular message type often doesn't have a technology action. It's not a click through, it's not a malicious attachment."

Adamson said a whaling attack is a human interaction, with a person responding to an instruction they believe has been given by someone senior to them.

"It really is a real human interaction. That person or group of people who were running that malicious attempt are going to be waiting for a response, they can have a to-and-fro type conversation," he said.

"It's not simply a large scale firing out of a whole lot of identical spam messages in the hope that you'll distribute a Trojan or fool people by being a Nigerian prince. It's very much a spam-type interaction."

When orchestrating a socially engineered attack, Adamson said perpetrators often take their research to "another level", monitoring the social media accounts of a particular person to wait for the perfect moment to strike.

"The thing that's been most useful for the attackers is knowing when the target is going to be offline for a long period of time, [such as] someone going on a flight," he said.

"Because they know that person is then unavailable, it creates this window of opportunity and that window can then be used to attempt to have money released; knowing the real person isn't going to intervene themselves is a key piece to the puzzle for a lot of these attacks."

Adamson said attackers also play on the emotions of the email receiver, manipulating them into immediately transferring funds.
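The traits Adamson describes above (a sender posing as a senior colleague, a request to move money, pressure combined with a stated absence, and no link or attachment for a filter to act on) can be turned into a simple triage heuristic for inbound mail. The following is an added example, not Mimecast's product code or anything from the article; the internal domain, the executive roster, the keyword lists and the two sample messages are constructed for illustration and would need tuning against real traffic.

```python
"""Heuristic whaling/BEC triage for inbound mail (added example, not Mimecast code)."""
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumed: the organisation's own mail domain
# Assumed roster of senior staff: lower-case display name -> their genuine address.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PAYMENT_WORDS = ("wire", "transfer", "payment", "invoice", "funds", "bank details")
URGENCY_WORDS = ("urgent", "immediately", "asap", "today", "confidential",
                 "on a flight", "in a meeting", "unreachable")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _contains(text: str, words) -> list:
    return [w for w in words if w in text]


def score_message(raw: bytes) -> dict:
    """Return the indicators found in one RFC 5322 message and a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    reasons = []

    # 1. The display name claims to be an executive, but the address is not theirs.
    genuine = EXECUTIVES.get(display.strip().lower())
    if genuine and addr.lower() != genuine:
        reasons.append(f"display name '{display}' but sender {addr} is not {genuine}")

    # 2. Replies are steered to a domain other than the visible sender's.
    if reply_to and _domain(reply_to) != _domain(addr):
        reasons.append(f"Reply-To {reply_to} diverts from sender domain {_domain(addr)}")

    # 3. The ask is to move money or release payment details.
    hits = _contains(text, PAYMENT_WORDS)
    if hits:
        reasons.append("payment request: " + ", ".join(hits))

    # 4. Pressure and "I am unavailable" cues that discourage verification.
    hits = _contains(text, URGENCY_WORDS)
    if hits:
        reasons.append("urgency/unavailability cues: " + ", ".join(hits))

    # 5. No link and no attachment: a URL or attachment scanner has nothing to act on,
    #    so the message depends entirely on the recipient doing what it says.
    has_payload = "http" in text or any(True for _ in msg.iter_attachments())
    if reasons and not has_payload:
        reasons.append("no link or attachment; relies on the recipient acting")

    score = len(reasons)
    return {"from": addr, "score": score, "reasons": reasons,
            "verdict": "whaling-suspect" if score >= 3 else "ok"}


# Constructed sample messages (not real traffic).
WHALING_SAMPLE = b"""\
From: "Jane Doe" <jane.doe@webmail-example.net>
Reply-To: jdoe.ceo@freemail-example.org
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset=utf-8

I am about to board a flight and will be unreachable for the next 14 hours.
Please transfer the funds for the supplier invoice today and send me the
confirmation. Keep this confidential until I am back.
"""

LEGIT_SAMPLE = b"""\
From: "Jane Doe" <jane.doe@example.com>
To: finance@example.com
Subject: Board deck draft
Content-Type: text/plain; charset=utf-8

Draft attached for review, no action needed before Thursday.
"""

if __name__ == "__main__":
    for sample in (WHALING_SAMPLE, LEGIT_SAMPLE):
        result = score_message(sample)
        print(result["verdict"], result["from"])
        for reason in result["reasons"]:
            print("  -", reason)
```

The point of indicator 5 is the one Adamson makes: a message that carries no link or attachment sails past the controls most gateways rely on, so the remaining signals are the identity mismatch, the diverted Reply-To and the content of the request itself. In practice the roster check should be fed from the directory rather than a hard-coded dict, and a hit should route the message to a second channel (a phone call to the executive's known number) rather than simply being dropped.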

Whilst whaling is still defined as phishing, he said, it has become progressively more advanced compared with what it was 12 to 24 months ago.

"I'd say we're in an environment where it's going to continue to evolve," he said. "You can't put all of the phishing types into one basket -- you do need these specialised responses for each of the different types of attacks."

Although specific cases of whaling have not been reported in the local market, Adamson said that, anecdotally, people are more willing to share information about targeted attacks in a protected forum.

Mimecast claimed whaling attacks cost the global economy billions of dollars annually. Research from the firm showed that since January 2016, 67 percent of respondents had seen an increase in attacks designed to instigate fraudulent payments, whilst 43 percent had seen an increase in attacks specifically asking for confidential data such as HR records or tax information.

The survey included 436 IT experts from organisations in the US, UK, South Africa, and Australia.
