
The Phishing Evolution

Posted on February 6, 2018

Phishing has narrowed its focus since the earliest attempts, in which attackers cast a wide net, sending millions of emails loaded with malicious attachments or links and hoping that some recipients would take the bait. In targeted phishing, commonly referred to as spear-phishing, the bogus email is directed to a specific person and appears to come from someone that person knows and is likely to trust. Whaling attacks are the next step in that evolution: instead of pretending to be someone outside the organization, the attacker pretends to be someone with authority on the inside, such as an executive, and aims the message at an employee who can act on that authority.

These more sophisticated attacks are usually one link in a much longer chain. An earlier attack may have given the hacker the victim's name, contact list and usual message format, everything needed to make the next message convincing. The results of that attack become the input for the one after it, and so on. Nor are the victims only high-profile, news-making organizations: smaller businesses are hit just as often. A loss of $20,000 or $30,000 is small next to the sums lost by large companies, but it can be devastating for a small business.

The Internet and social media have combined into a malicious hacker's dream. The information available online, coupled with some knowledge of a specific business, can give an attacker everything he or she needs to launch a convincing campaign.

It is widely recognized that perfect security does not exist. Protecting both organizations and individuals will take informed vigilance, ongoing training and continual improvements in email security software. People matter most: they are almost always your first and last line of defense.

Six Ways to Stop Whaling Attacks

  1. Educate and inform employees
  2. Run simulated (staged) attacks to find organizational weaknesses
  3. Make messages harder to fake by agreeing on unique identifiers that a spoofed message will not carry
  4. Use gateway protections such as SPF, DKIM and DMARC, which let the receiving mail server reject mail that claims your domain but was not sent by it
  5. Use monitoring services to help you stay alert
  6. Review procedures for verifying email requests and authorizing financial transfers
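As an added example (not part of the original post), here is how the gateway check in item 4 decides whether a message that claims to come from an insider is actually allowed to. The Python script below applies DMARC's identifier-alignment rule to the SPF and DKIM results a gateway records in the Authentication-Results header. The DMARC record for the hypothetical domain example.com and the three sample messages are constructed for this example; the DNS lookup is replaced by a dictionary, and the header regex and the two-label organizational-domain approximation are simplifications of what a real implementation does.

```python
"""Added example: offline DMARC alignment check over constructed
Authentication-Results headers, showing why gateway SPF/DKIM/DMARC
stops a forged 'internal' From: address."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed DMARC TXT record for the hypothetical domain example.com.
# A real gateway fetches _dmarc.<domain> over DNS instead.
DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
}

# Matches "spf=pass smtp.mailfrom=..." and "dkim=pass header.d=..." fragments.
AUTH_RE = re.compile(r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)")

def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    """Organizational domain, approximated as the last two labels.
    Production code uses the Public Suffix List (co.uk etc.)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only needs the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_verdict(raw_message):
    """Return (result, policy, reason). Mirrors the DMARC rule: at least one
    of SPF or DKIM must pass AND align with the RFC 5322 From: domain."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    record = DMARC_RECORDS.get(from_domain) or DMARC_RECORDS.get(org_domain(from_domain))
    if not record:
        return ("none", "none", "no DMARC record for " + from_domain)
    tags = parse_dmarc(record)
    policy = tags.get("p", "none")
    for method, result, ident in AUTH_RE.findall(msg.get("Authentication-Results", "")):
        domain = ident.rpartition("@")[2]  # drop any local part from smtp.mailfrom
        mode = tags.get("adkim" if method == "dkim" else "aspf", "r")
        if result == "pass" and aligned(domain, from_domain, mode):
            return ("pass", policy, "%s passed and aligned (%s)" % (method, domain))
    return ("fail", policy, "no aligned pass for From: " + from_domain)

def gateway_action(raw_message):
    """What the receiving gateway does with the message under the sender's policy."""
    result, policy, _ = dmarc_verdict(raw_message)
    if result == "pass" or policy == "none":
        return "deliver"
    return "quarantine" if policy == "quarantine" else "reject"

# Constructed sample: a whaling attempt spoofing the CEO from an outside mailer.
# SPF and DKIM both pass, but only for the attacker's own domain.
SPOOFED = """From: "CEO" <ceo@example.com>
To: controller@example.com
Subject: Urgent wire - confidential
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bounce@bulk-mailer.net; dkim=pass header.d=bulk-mailer.net header.s=sel1

Please wire $30,000 to the new vendor today. I am in meetings, do not call.
"""

# Constructed sample: the real CEO, signed by the real domain.
LEGIT = """From: "CEO" <ceo@example.com>
To: controller@example.com
Subject: Q1 review
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=ceo@example.com; dkim=pass header.d=example.com header.s=corp

See you at 3.
"""

# Constructed sample: sent through mail.example.com. Strict adkim rejects the
# subdomain DKIM signature; relaxed aspf still accepts the SPF result.
SUBDOMAIN = """From: "CEO" <ceo@example.com>
To: controller@example.com
Subject: Travel
Authentication-Results: mx.example.com; dkim=pass header.d=mail.example.com header.s=x; spf=pass smtp.mailfrom=bounce@mail.example.com

Flight details attached.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("subdomain", SUBDOMAIN)):
        print(name, dmarc_verdict(raw), gateway_action(raw))
```

The spoofed message is rejected even though both SPF and DKIM "pass": they pass for the attacker's own bulk-mailer.net, which does not align with the example.com in the From: header the victim sees. Two caveats a practitioner should keep in mind: the sending domain owner decides the policy (a record with p=none only reports, it blocks nothing), and DMARC protects only domains that publish a record. A look-alike domain the attacker registers (for example examp1e.com) has no record at all and passes straight through, which is why the other five items on the list still matter.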

Contact us today to discuss staging a simulation at your organization.
