Spear Phishing and Whaling and Waterholes, OH MY!

Attackers who are trying to break into a system know that the weakest line of defense is often the people. To get to these people, attackers use schemes such as phishing, spear phishing, whaling, and watering hole attacks. We will look at each of these attacks and describe ways to protect yourself.

Phishing Attacks

Phishing attacks are often emails crafted to look like they come from a legitimate website or person when, in reality, the attacker sent the message. The attacker’s goal is usually for the victim to click a link in the email. The link takes the victim to a website controlled by the attacker, where the attacker can attempt to take over the victim’s computer in several different ways. These attacks often work because people are trusting by nature. If people don’t closely examine their emails, it is easy to fall victim to one of these attacks.

To protect against this attack, users should know what to look for in an email to determine whether it is a phishing attempt. If a link or website seems odd, users should report it and avoid clicking the link or entering any information into the suspicious website.

Spear Phishing Attacks

Spear phishing attacks are personalized phishing attacks that are difficult to spot because they are customized to the victim organization or the individual user. These targeted emails may reference specific people, phone numbers, job titles, addresses, or other information familiar to the victim or the victim’s organization. A common place attackers find this information is social media such as LinkedIn, Facebook, and Twitter. The goal is usually the same as for phishing attacks: get the user to trust the email enough to click a malicious link that takes over their computer or attempts to steal their username and password.

To protect against this attack, it is a good idea to provide ongoing training to employees so they know how to recognize these attacks. Users should avoid posting personal and sensitive information on social media where the public can see it. Companies should also analyze inbound and outbound email to ensure that it does not come from a spoofed account that could be attempting to phish them.

Whaling Attacks

Whaling attacks are phishing attacks aimed at the CEO or other high-ranking employees of a company. Once the attackers have successfully phished the CEO, they often impersonate the CEO and attempt to commit fraud by asking the finance department or similar departments to wire money. Employees often do what is asked with minimal questions when they see an email coming from the CEO. The FBI stated that between 2014 and 2017 a total of $2.3 billion was lost to CEO email scams.

The FBI recommends that, if you suspect your company has fallen victim to a CEO email scam, you take the following actions:

  • Contact your financial institution(s) immediately and request that they contact the financial institution where the fraudulent wire transfer was sent.
  • File an official complaint with the FBI Internet Crime Complaint Center (IC3) specifying how much was lost and all available details.
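One way to do the email analysis recommended above for spear phishing and CEO impersonation, as an added example that is not part of the original article: a standard-library Python check over raw message headers for the usual sender-spoofing signs (an executive's display name on an outside address, a look-alike domain, a redirected Reply-To, a DMARC failure recorded by the gateway). The company domain, the executive name and both sample messages are constructed for the example.

```python
"""Flag common sender-spoofing patterns in raw email headers."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # hypothetical company domain
EXEC_NAMES = {"jane doe"}   # hypothetical CEO display name, lower-cased

# Constructed sample headers (not real mail): spoofed look-alike vs genuine.
SPOOFED = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: accounts@mail-relay.invalid
Authentication-Results: mx.example.com; dmarc=fail header.from=examp1e.com
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
"""

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _edit_distance(a, b):
    """Levenshtein distance, used to catch near-identical look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def spoof_indicators(raw_message):
    """Return the reasons a message looks like sender spoofing (empty if none)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom, reasons = _domain(addr), []
    # Whaling pattern: an executive's name on an address outside the company.
    if name.strip().lower() in EXEC_NAMES and from_dom != ORG_DOMAIN:
        reasons.append("executive display name on external domain")
    # Look-alike domain such as examp1e.com (one character swapped).
    if from_dom != ORG_DOMAIN and _edit_distance(from_dom, ORG_DOMAIN) <= 2:
        reasons.append("look-alike sender domain: " + from_dom)
    # Replies silently redirected to a domain other than the sender's.
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To domain differs from From domain")
    # The receiving gateway already recorded a DMARC failure for the sender.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        reasons.append("DMARC failed at the mail gateway")
    return reasons
```

A message that trips any of these checks is a candidate for quarantine or a warning banner; none of the checks alone proves fraud, so treat them as triage signals for the security team.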

Watering Hole Attack

In nature, predators lurk around watering holes that many animals visit, waiting for their prey. Cyber attackers employ a similar approach by taking control of a site that is often visited by a target organization. For example, if an attacker learns that the engineering department of a company regularly visits a certain online forum to ask questions or give advice, the attacker might infect that forum with malicious code to reach the actual target (the engineering department).

To protect against watering hole attacks, make sure that all web browsers and other software used to access resources on the web are up to date and free of known security holes. Scan any files downloaded from the internet for malware. If you are not sure about a file, don’t open it; have your company’s security team review it for you.

Learn more about your security

If you would like to learn more about the security of your organization, complete the Security Self Assessment and get your free 30-minute consultation with one of our security experts. You can also call 952-885-7800 to schedule a consultation right now.