CEO Fraud and the Whaling Attacks you MUST know about
Whaling Definition: Whaling is a type of fraud or cyber-attack aimed at people in positions of power, such as CEOs, senior executives, the C-suite, politicians or celebrities.
Hackers' Aim: To trick their target into disclosing personal or corporate information, or into making a large payment into a bank account the attacker controls.
Cyber-attacks aren’t the obvious, spammy, link-fuelled emails they once were. Gone are the days of the obvious email strike (looking after a large trust fund or entering the Nigerian lottery aren’t doing the trick as they once did); we have now ushered in an era of cunning and manipulative attacks shrouded in the mundane ‘don’t give it a second thought’ emails we receive every day from trusted colleagues and business partners. After all, how many of us would question an invoice query from a colleague we know and trust? Or an email instruction from our boss to carry out a transaction?
But these oh-so-smart attackers don’t stop there. They’re now borrowing the identities of top-level executives such as CEOs and CFOs to obtain data and large sums of capital, using the executive’s apparent authority to get a payment “authorised” and processed. This form of attack is referred to as whaling, but is also known as C-level fraud and BEC (business email scam).
Earlier in 2016, following a highly successful whaling attack on an Austrian plane manufacturing company, it was reported that a CEO (of 17 years) was sacked following a staggering €50 million loss to their organisation, which subsequently led to a 17% drop in share price. This attack also caused the CFO to leave the firm in the wake of the massive backlash. The employee who authorised the payment ordered by the hacker, who she thought was the CEO, was dismissed, as was her immediate boss.
The FBI stated in February 2016 that these malicious attacks had raked in a massive $2 billion for hackers and fraudsters.
These whaling attacks begin with the receipt of an innocent, very normal-looking email that appears to come from a colleague. It all falls apart once the email is opened and the link clicked or the attachment downloaded: once an attack has been launched it can’t be stopped or undone.
Whaling attacks can also come in the form of a supposed CEO asking a colleague to authorise a large payment. Hackers can easily pose as a member of the senior management team using a slightly altered email address and appear to give a direct order. Often the ‘colleagues’ (hackers) will ask for the email to be kept confidential, giving the attack an even higher success rate.
CEO fraud has affected thousands of companies across the globe, including big names such as Michelin, KPMG and Nestle. These attacks have cost organisations millions of pounds, and they continue to evolve and affect organisations of all shapes and sizes.
How can you spot these emails?
1. Check the address the email has come from. Fraudulent domains and email formats differ only ever so slightly from the real ones, so the change is hard to notice: an extra letter in the company name, an ‘o’ replaced with a ‘c’, or a .com instead of a .co.uk.
2. Phone your colleague or ask in person whether the email is legitimate if you have an inkling that something is fishy (forgive the pun!).
3. Don’t click a link or open an attachment unless you know it’s from a trusted source.
4. Invest in protecting your data by using an anti-malware product such as Sophos Intercept X.
5. Don’t be complacent. If you think something is wrong, investigate further; don’t be pressured into making quick decisions that could have dire consequences.
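Tip 1 is the one that can be automated. The script below is an added example for this article, not code from the original post or from any vendor mentioned in it. It takes the value of an email’s From: header, pulls out the real sender domain (ignoring whatever display name the sender chose), and flags the three tricks described above: an extra letter in the company name, a swapped character, or a different top-level domain. The trusted domain `example.co.uk`, the edit-distance threshold and the sample headers are all constructed placeholders; swap in your own domains before using it.

```python
# Added illustration of tip 1: classify the sender of a From: header as
# trusted, a lookalike of a trusted domain, external, or invalid.
# TRUSTED_DOMAINS and the sample headers below are constructed placeholders.
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed placeholder for the organisation's real domain(s).
TRUSTED_DOMAINS = {"example.co.uk"}

# Company names within this many single-character edits of a trusted
# domain's name are reported as lookalikes (assumed threshold).
MAX_LOOKALIKE_DISTANCE = 2


@dataclass
class Verdict:
    address: str  # bare mailbox address extracted from the header
    domain: str   # sender domain, lower-cased
    status: str   # "trusted", "lookalike", "external" or "invalid"
    reason: str   # short explanation for whoever reviews the flag


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_domain(domain: str) -> tuple[str, str]:
    """Split 'example.co.uk' into the company label 'example' and suffix 'co.uk'."""
    label, _, suffix = domain.partition(".")
    return label, suffix


def check_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> Verdict:
    """Classify the sender named in a From: header value."""
    display_name, address = parseaddr(from_header)
    if "@" not in address:
        return Verdict(address, "", "invalid", "no mailbox address found in header")
    domain = address.rsplit("@", 1)[1].strip().lower()

    # Exact match, or a sub-domain of a trusted domain (mail.example.co.uk).
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return Verdict(address, domain, "trusted", "matches a trusted domain")

    label, suffix = split_domain(domain)
    for trusted_domain in trusted:
        t_label, t_suffix = split_domain(trusted_domain)
        # Same company name, different ending: example.com vs example.co.uk,
        # or example.co.uk.attacker-controlled.test.
        if label == t_label and suffix != t_suffix:
            return Verdict(address, domain, "lookalike",
                           f"company name matches {trusted_domain} but suffix is '{suffix}'")
        # Extra letter, dropped letter or swapped character in the company name.
        distance = levenshtein(label, t_label)
        if 0 < distance <= MAX_LOOKALIKE_DISTANCE:
            return Verdict(address, domain, "lookalike",
                           f"'{label}' is {distance} edit(s) away from '{t_label}'")

    # Genuinely different domain. A display name naming an insider proves nothing.
    note = "external domain"
    if display_name:
        note += f" (display name '{display_name}' is not evidence of identity)"
    return Verdict(address, domain, "external", note)


if __name__ == "__main__":
    # Constructed sample headers, one per trick described in the article.
    samples = [
        "CEO <ceo@example.co.uk>",            # genuine
        "CEO <ceo@examplee.co.uk>",           # extra letter
        "CEO <ceo@exarnple.co.uk>",           # 'm' swapped for 'rn'
        "CEO <ceo@example.com>",              # wrong TLD
        "Chief Executive <ceo@webmail.test>", # external, insider display name
    ]
    for header in samples:
        v = check_sender(header)
        print(f"{v.status:9} {v.address:28} {v.reason}")
```

Run it on a real mailbox by feeding it the From: header of each message; anything reported as `lookalike` deserves the phone call from tip 2 before any payment is actioned. The display-name note matters because the simplest CEO-fraud emails do not alter the domain at all: they set the display name to the boss’s name and send from an unrelated address.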