
What is a Whaling Cyberattack? How is it different from Phishing?


Every person using the internet is prone to cyber attacks, which come in various forms. Now and then, we receive emails stating that we have won a lottery or are getting huge discounts on branded products. On seeing these emails, one question comes to mind: "Why me?" Well, surely not because you're lucky. If you interact with such emails, chances are you'll run out of luck soon, as they are phishing for your data.

Before we start with whaling, you need to understand a bit about phishing. It is a type of cyber attack in which hackers send emails to users and ask them to fill in their personal details in one form or another. These emails come in different types. One example is a fake email about Facebook verification, which might take the user to a website that looks identical to Facebook but is controlled by the hacker.

Another example is an email from someone impersonating a bank executive requesting you to confirm your bank details. These hackers send emails to millions of people at the same time, and a few of them get trapped and become victims of phishing.


What is a Whaling cyber attack?

Whaling is similar to phishing. While in phishing hackers target general users, in whaling hackers target the bigger fish, i.e., people who have access to sensitive information. These people can be employees holding important positions in companies. They can be managers or senior employees who are authorised to access sensitive data. If these people get trapped, the damage caused will be unparalleled. The hackers will be able to access important data related not only to the company but also to its employees and clients.


Protective measures against Whaling?

The biggest problem with whaling attacks is that they are difficult to prevent. For example, an employee could receive an email that resembles a professional email. This email can be a fake transaction email or something that might look like a client’s query mail.

Since these emails are so similar to official emails, most of the time they aren't caught even by the firewall or spam filters. Also, hackers do intensive research on the victim before attacking. They track every action of their victim for a few months before attacking.

Hackers gather information about the interests, hobbies and lifestyle of the victim. This information is used to manipulate the victim emotionally. For example, if the victim is planning a tour, the hackers will send emails about travel packages that could look attractive to the victim. Once the link in the email is clicked, the hackers will get access to the victim's computer system and hack it.

Whaling can be prevented in the following ways.

  • Proper training of the employees
  • Using spam filters
  • Keeping the security patches up to date
  • Installing trusted antivirus software
  • Deploying web filters so that access to malicious websites can be prevented
  • Properly encrypting all the sensitive data
  • Providing sensitive information only after double-checking it on both ends

Whaling is a dangerous threat. Though it can be prevented to a great extent by taking proper security measures, users need to be very cautious. They should not try to access malicious websites and should be aware of the links and websites that they open to prevent such attacks. If one becomes a victim of phishing or whaling, it should be reported immediately to the cyber cell of the police so that quick and proper action can be taken to trace the hackers and stop them from accessing confidential data.


Himanshu Nimje
