It has been reported that cyber-thieves are stealing millions of pounds using a scam based on faked email messages from company bosses. The scam, known as ‘whaling’, is said to spoof messages asking finance staff to rush through a payment to a supplier, one that the chief executive supposedly cannot handle because they are out of the office. Barracuda Networks comments:
Wieland Alge, VP & GM EMEA, Barracuda Networks, says: “Whaling attacks consume a lot of time and effort for hackers. However, the potential of just one successful attack makes it worth their while. With one organisation reportedly losing £30M in an attack, you can see why the hackers are persistent.
“Organisations can start by implementing very strict rules and procedures around transferring money. Questions must be asked when employees receive an email from the CEO. It might be perceived as bureaucratic, but replying to these requests for money to be transferred may provide an anomaly. I have seen cases before where an anomaly was recognised. In this case, the attacker wrote a friendly email and this was flagged as suspicious because the CEO was infamous for writing direct, formal emails.
“A technical approach to protection must also be considered by organisations. Having correct technical protection will not allow internal email domains to send emails from an external source. Organisations also need to be educating employees to check who the email sender is and not rely on the title sender displayed by Outlook.”
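The two sender checks described in the comment above, sketched as an added example (not code from Barracuda Networks or the original article): flag an internal From domain on mail that arrived from outside, and flag a display name that does not match the real address behind it. The domain `corp.example`, the executive name and the `arrived_externally` flag (which a mail gateway would supply per connection) are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"corp.example"}   # assumption: the organisation's own mail domain
EXECUTIVES = {"jane doe"}             # assumption: display names worth protecting
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w.-]+)")


def sender_findings(raw, arrived_externally):
    """Return the reasons the From header of one raw message looks spoofed."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    internal = domain in INTERNAL_DOMAINS
    findings = []
    # Rule 1: an internal address in From on mail that came in from outside.
    if arrived_externally and internal:
        findings.append("internal-domain-from-external-source")
    # Rule 2: the display name is an executive's, the real address is not ours.
    if display.strip().lower() in EXECUTIVES and not internal:
        findings.append("executive-display-name-external-address")
    # Rule 3: the display name shows an internal address the real one contradicts.
    shown = {d.lower() for d in ADDR_IN_TEXT.findall(display)}
    if shown & INTERNAL_DOMAINS and not internal:
        findings.append("display-name-shows-internal-address")
    return findings


def sample(from_header):
    """Build a constructed test message with the given From header."""
    return f"From: {from_header}\nTo: finance@corp.example\nSubject: Payment\n\nBody\n"


# Constructed sample messages (not real traffic).
SPOOFED_DOMAIN = sample('"Jane Doe" <jane.doe@corp.example>')
LOOKALIKE_NAME = sample('"Jane Doe" <jd.office@mailbox.test>')
ADDRESS_AS_NAME = sample('"jane.doe@corp.example" <accounts@mailbox.test>')
ORDINARY = sample('"Accounts Team" <accounts@supplier.test>')

if __name__ == "__main__":
    for raw in (SPOOFED_DOMAIN, LOOKALIKE_NAME, ADDRESS_AS_NAME, ORDINARY):
        print(raw.splitlines()[0], "->", sender_findings(raw, True))
```

Rule 1 is the gateway-side control; rules 2 and 3 automate the check staff are asked to make when the mail client shows only the display name.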