What is whaling phishing? Top tips for a security conscious c-suite

What is whaling phishing? Top tips for a security conscious c-suite

Posted by HTG

No, it’s not some large sea mammal trying to work its way into your company. Whaling phishing is one of the most targeted cyber-crimes out there, and one you should definitely be aware of.

You might already be aware of phishing and have some measures in place to protect against it. It’s a common cyber-attack and it’s on the rise. Google reported that they’ve blocked over 18 million phishing emails a day since the start of the pandemic.

But what makes this new breed of phishing different?

New call-to-action

What is whaling phishing and how can you avoid it?

Whaling phishing adds personalisation to this fraudulent scam. It’s a targeted attack aimed usually at senior executives, with the sender often impersonating CEOs. Like regular phishing, it’s intended to encourage victims to complete an action, such as transferring funds.

With that in mind, here are our top tips to keep you and your business protected.

1. Watch what you put out there

Many whaling phishing scams happen because employees’ personal information is readily available online. To reduce this risk, ask your c-suite to make their Facebook, LinkedIn and other social media pages private.

2. Train your employees

Make sure you provide your employees with the right training and security strategy planning to help them spot these types of scams.

This’ll involve training them to ask questions when emails come through and flag anything suspicious. Were they expecting an email from that person? Did they receive it at an unusual time? Is the person’s tone of voice different?

Training can be as simple as getting your employees or colleagues to look at the full email address of the sender, rather than just the display name.

3. Update your policies

Snapchat was the victim of a massive whaling attack when an employee received a spam email pretending to be from the CEO. As a result, sensitive employee data was lost.

They could have avoided this attack with policies regarding the handling of sensitive information or transferring funds to unrecognised accounts. With GDPR laws potentially being updated for 2022, make sure you keep on top of your responsibilities. After all, non-compliance can land your company in hot water with the law.

4. Consider DLP software

Of the companies that experience data breaches, one in five will lose data, money or other assets.

To prevent this, you may want to invest in Data Loss Prevention policies and software. There’s a wide choice of software to choose from, so you may want to do some research to find one that’s right for you.

5. Be prepared

Ensure your company is ready to deal with these threats.

You can evaluate prepared your company’s preparedness by conducting a cyber security assessment. This will help you understand your current security posture and identify must-have improvements.

Don’t be the next victim

Whaling phishing is a rising threat to your business.

These scams can be easy to fall for, as a lot of them are very convincing. Make sure you’re prepared for any potential attacks by tightening your security, investing in the right technology, and training your employees.

If you’re looking for more information on the top security risks and how to protect against them, watch our webinar.

New call-to-action


Make your next meeting worthwhile

Talk to the people behind the technology. Our team are a safe pair of hands for your business. We are certified experts with leading vendors, but more than that, we have a proven record of results.

Book a call
HTG - Contact CTA