5 Tips on How to Protect Yourself Against a Whale Phishing Attack


Whale phishing is a phishing scam that targets the ‘big fish’ in an organisation: senior executives and other people with access to highly valuable or sensitive information. The scam lures them into sharing valuable information or transferring funds into an account managed by the cybercriminal.

Cybercriminals use spymail to gather important information about their ‘big fish’ before they attack. The spymail contains tracking codes that return information to the sender. The person under attack has no idea the information is being collected.

While spam filters and email antivirus have been standard since the late 1990s, they won’t necessarily protect you from a whale-phishing scheme. What you need is an advanced technology solution coupled with cybersecurity policies and training.


Provide special training for people at risk.

It’s important to provide all staff with email security training. However, senior executives and other people with access to highly valuable information require additional special training. This will help them to identify a malicious email and verify the sender. It will also raise awareness of their exposure to risk.


One level of security is never enough.

Cybercriminals are sophisticated. To combat them, you need sophisticated multi-layer security systems. Senior executives may unintentionally let their guard down when travelling or accessing emails at home after a long day. Your security solutions need to reach beyond the office and the nine-to-five setting.


Revisit your fund transfer procedures.

Many whale-phishing attacks centre on a senior executive transferring funds, so it’s time you revisited your fund transfer procedures. As a minimum, establish a process that requires all transfers to be processed through a secure portal with two-factor authentication.


Implement anti-spymail protection.

Anti-spymail solutions can limit the amount of information an attacker can collect, making it difficult for a cybercriminal to perfectly time a credible attack.


Stay flexible.

Cybercriminals are changing their approach daily. For this reason, your approach to cybersecurity and your policies need to remain flexible. Stay alert and be prepared to make a change at any time.


If you need any assistance with your cyber security strategy or any help around cyber security please call us on 1300 4 787 389 or email us at info@suretyit.com.au.


About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience, having created customised, stable, well-performing systems both for multinational companies in the UK and Australia and for Surety IT customers.
