Ep 19 Whaling

Hello. Welcome back to USB our Guest, Cyber Security Tips. Thank you for taking a few minutes out of your day to listen. Today's episode is about whaling attacks.

Vishing, phishing, smishing... and now whaling. So, what is whaling? A whaling attack is when cyber criminals use spear phishing methods to go after executive, high-profile or celebrity targets. These targets often have access to, or are gatekeepers of, an organization's or their own money, as well as intellectual property.

The attacker may try to trick the executive into clicking on a malicious link that attempts to steal credentials. Or the attacker may masquerade as a client or vendor requesting that a past-due payment be wired ASAP.

Something to note about whaling is that once an attacker has access to any of the whale's credentials, they have a couple of attack vectors. They can now attempt to trick employees within the organization:

First, the attacker can attempt to extract money by moving horizontally across the organization to the CFO, requesting that money be wired to an account.

Second, the attacker can attempt to fool lower-level employees, who are eager to impress, into a gift card scam, where the attacker convinces the employee to purchase gift cards for a 'customer' and send the codes on the back of the gift cards.

In the second example, employees within an organization can protect themselves against a compromised whale by doing a live-authentication. This is where you reach out to the whale on another channel, preferably in person, to authenticate the request for funds or gift cards.

In my opinion, any executive that acts as if this is a waste of time or is not willing to participate in live-authentication is foolish. As cyber criminals continue to evolve their schemes, such as the newest form of ransomware, where industry secrets are leaked, it's important to always stay sharp and make the human factor harder to hack.

That's all for this episode. If you like what I'm doing here, please rate and review the podcast on whatever platform you listen to it on.

Also, I wanted to try something a little different. Send an email to usbourguest@gmail.com with 'raffle' as the subject or visit anchor.fm/usbog and leave a voice message with your email by Sunday, October 9th at midnight for a chance to win a $10 Amazon Gift Card. Your email will be used to send the winner their prize and will not be supplied to advertisers.

Thank you for listening and I'll talk to you again soon.