Mimecast and Kaspersky Labs Warn Enterprises of Whaling and Phishing Threats
CIOREVIEW >> Security >>

Mimecast and Kaspersky Labs Warn Enterprises of Whaling and Phishing Threats

By CIOReview | Monday, December 28, 2015

FREMONT, CA: As enterprises grow, the number of attackers targeting the data, finance or reputation of the enterprises also goes up. Security vendors like Mimecast and Kaspersky Labs warn companies against such threats that are seeping into the corporate world today, reports Jai Vijayen for DarkReading.

Mimecast indicates the increase in whaling and phishing campaigns. Whaling is a fraud targeting on the high end users including corporate executives, politicians and celebrities. On the other hand, phishing is an attempt to acquire sensitive information for malicious reasons targeted at a broad audience. These campaigns aim at making fraudulent wire transfers to bank accounts of attackers by the financial staff of the companies.

According to a research conducted by Mimecast, most of the organizations have seen an increase in the volume of whaling attacks most of which pretend to be either the CEO or the CFO. Also Mimecast says that these whaling activities require a lot of research prior to the attack that they extract from social media websites like Facebook, Twitter and LinkedIn about key executives. Excessive information on these websites can be a rich source of information to these attackers.  In addition, Kaspersky Labs pointed out the increasing phishing attacks focusing on the e commerce websites and its users.

Mimecast’s recommendations for protection against the whaling attacks are educating senior management and finance reams on these attacks; carrying out tests within the business; subscribing  to domain name registration alerting services and reviewing finance ream procedures on how payments to external third parties are authorized.

“Cyber attackers have gained sophistication, capability and bravado over the recent years, resulting in some complex and well executed attacks. Whaling emails can be more difficult to detect because they don’t contain a hyperlink or malicious attachment, and rely solely on social-engineering to trick their targets,” says Orlando Scott-Cowley, Cyber Security Strategist, Mimecast.