It’s evident that social engineering cyber-attacks, namely ‘phishing’ and ‘whaling’ have grown from small-scale issues into pre-eminent threats. Some companies targeted by such scams have lost as much as $57.6m, with the FBI estimating that whaling schemes have cost businesses $2.3bn globally in recent years.

Here's how it works: the cyber-criminal poses as a figure of authority within a company, such as a Managing Partner or CEO, and sends an email to an employee requesting a funds or sensitive-data transfer. The message will look highly credible: it comes from a look-alike domain name, and it is written by hand rather than mass-mailed, so it carries none of the bulk-mail signals that spam filters key on. It will usually be urgent in nature and demand immediate action, leading the recipient to skip standard procedures for fear of being an annoyance to the CEO, which, let's admit, none of us want.
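To make the mechanism above concrete, here is an added example (not code from the original post or from Oosha) of the kind of check an email gateway or mailbox rule can apply before a message reaches the finance team: it parses the From and Reply-To headers, flags a display name that matches an executive but arrives from an outside address, and detects look-alike domains built from typos, character substitutions or a trusted name used as a subdomain. The organisation's domain, the executive roster, the substitution table and the four sample messages are all constructed assumptions.

```python
"""Heuristic triage of inbound mail for CEO-impersonation signals.

Added example, not code from the original post. The organisation's domains,
the executive roster and the sample messages are constructed assumptions.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumed organisation settings (hypothetical).
OUR_DOMAINS = {"examplefirm.co.uk"}
EXECUTIVES = {"jane doe": "jane.doe@examplefirm.co.uk"}  # display name -> real address

# Character substitutions commonly used to register look-alike domains.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e"}


def normalise(domain: str) -> str:
    """Undo the usual substitution tricks so 'examplefirrn' compares equal to 'examplefirm'."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one- or two-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the internal domain that this external domain imitates, or None."""
    cand = normalise(domain)
    for ours in OUR_DOMAINS:
        if cand == ours or cand.startswith(ours + ".") or edit_distance(cand, ours) <= 2:
            return ours
    return None


def assess(raw_message: str) -> list:
    """Return human-readable findings for one RFC 822 message (empty list = nothing suspicious)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []

    if from_domain and from_domain not in OUR_DOMAINS:
        target = lookalike_of(from_domain)
        if target:
            findings.append(f"look-alike sender domain {from_domain} imitates {target}")
        real = EXECUTIVES.get(name.strip().lower())
        if real and addr.lower() != real:
            findings.append(f"display name '{name}' matches an executive but address is {addr}")

    # A legitimate-looking From with an outside Reply-To is the other classic set-up.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and "@" in reply_addr:
        reply_domain = reply_addr.rsplit("@", 1)[-1].lower()
        if reply_domain != from_domain:
            findings.append(f"Reply-To goes to {reply_domain}, not the From domain {from_domain}")
        if reply_domain not in OUR_DOMAINS and lookalike_of(reply_domain):
            findings.append(f"Reply-To domain {reply_domain} is a look-alike of our domain")
    return findings


# Constructed sample messages (not real mail).
SAMPLES = [
    'From: "Jane Doe" <jane.doe@examplefirrn.co.uk>\nSubject: Urgent payment\n\nPlease wire today.\n',
    'From: "Jane Doe" <jane.doe.ceo@gmail.com>\nSubject: Quick favour\n\nAre you at your desk?\n',
    'From: "Jane Doe" <jane.doe@examplefirm.co.uk>\nSubject: Board pack\n\nAttached.\n',
    'From: "Accounts" <accounts@examplefirm.co.uk>\nReply-To: accounts@example-firm.co.uk\n'
    'Subject: New bank details\n\nPlease update.\n',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        sender = parseaddr(message_from_string(raw)["From"])[1]
        print(sender, "->", assess(raw) or "clean")
```

Run as a script it prints a verdict for each sample. In practice the executive roster would be pulled from the directory and the findings would drive a warning banner or quarantine rule rather than an outright block, because an edit distance of two will also match some legitimate partner domains; the point is to make the recipient stop and verify, not to replace their judgement.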

So, what do you do?

A lot of people in that situation don't do their due diligence and comply without question with the perceived 'CEO'. Companies including Snapchat, Seagate and Weight Watchers International have all fallen victim to such attacks in recent times, and 43% of organisations surveyed by Mimecast reported an increase in attempted sensitive data transfers involving whaling or CEO impersonation fraud in the last 3 months alone.

“65% of IT professionals don’t feel fully equipped or up-to-date to reasonably defend against email-based attacks”.

Companies may lack the essential security safeguards to deter attackers, such as data encryption, endpoint security and email gateway technology to identify suspicious email, which raises the question: why?

Why, even in the wake of such high-profile companies being attacked by phishing and whaling scams are companies not taking note and improving their security procedures?

Here are five ways you can help guard yourself against attacks:

  1. Educate - Coach employees to recognise impersonation emails, including look-alike domains and display names that don't match the sender address.
  2. Simulations – Send staged whaling emails to key individuals, particularly those who can approve payments, to raise awareness and measure who reports them.
  3. Email Design – Periodically re-design internal email layouts and include an identifier that an outsider copying a public template won't know to reproduce.
  4. Rethink Procedures – Require a second approver (a dual signature) for any payment or change of bank details, so that a single email can never trigger a transfer on its own.
  5. Pick up the phone – If in doubt, pick up the phone! Verify any request to transfer funds by calling the requester on a number you already hold (from the directory or a previous invoice), never one taken from the email itself.
Wayne Barber
Commercial Director, Oosha
