fbpx
Share

Guest Post – Whaling – the new evolution in email cybercrime

By Ben Adamson, Lead Technical Consultant (Presales) APAC, Mimecast

[Reading time: 1.30 mins]

Everyday cybercriminals learn from yesterday’s attacks to plan new ones. Whaling attacks, also known as Business Email Compromise or CEO fraud, are now the latest frontline.

These attacks are designed to trick key employees into making financial transactions by pretending to be the CEO or CFO in a spoofed email. Some also target those responsible for sensitive employee data, for example HR records or tax information, which could be used for identity theft.

Snapchat is just one example among a string of large organisations hit by attacks. This incident saw a targeted phishing email impersonate CEO Evan Spiegel to leak the company’s payroll data.

CybercrimeThe United States has been beset by these ‘W-2’ tax form attacks while New Zealand’s Inland Revenue has also issued a new warning. As the Australian tax season approaches, organisations must prepare for a new wave of attacks.

Cybercriminals realised that anti-virus, real-time URL checking and other security tools like attachment sandboxing are increasingly making their lives difficult, so new tactics were required. These attacks are designed to pierce email traditional security architecture, be it running on-premises, hybrid or even Office 365.

It’s widely known how damaging ransomware has been to Australian organisations but these sums pale in comparison to this latest threat. The FBI recently reported global business losses due to whaling of more than $1.2 billion in little over two years, and a further $800 million in the six months since August 2015.

This trend is also supported by new Mimecast research. Since January 2016, 67% of firms around the world have seen an increase in attacks designed to instigate fraudulent payments and 43% saw an increase in attacks asking for confidential data.

Even the smartest employees can fall victim to these malware-less crimes. Employee education and rigorous business processes play an important role, and I believe advanced pattern recognition can play a larger role in identifying social engineering attacks.

Email is a vital tool for getting work done but also contains much of an organisation’s valuable data. It’s also the primary vector of attack. As new attack patterns continue to appear, It critical for Australian organisations to invest in more regular training and appropriate security technology.

Data#3’s dedicated security practice, Data#3 Secure provides your business with the right platform to optimise and manage your IT security Environments, delivered via our secure framework.

Tags: Security

Featured

Related

Webinar: Data#3 Licensing Update and Microsoft 365 A5 Deep Dive
Data#3 Licensing Update and Microsoft 365 A5 Deep Dive

During the recent ISQ IT Managers forum, many schools expressed strong interest in a follow-up session on Microsoft 365…

ACSC Essential Eight Maturity Model: Patch Operating Systems
Essential Eight Maturity Model: Patch Operating Systems

In 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cyber Security Incidents Maturity…

ACSC Essential Eight Maturity Model: Restrict Admin Privileges
Essential Eight Maturity Model: Restrict Administrative Privileges

In 2021, the Australian Cyber Security Centre (ACSC) updated the Essential Eight Strategies to Mitigate Cyber Security…

Cisco-Meraki-Smart-Spaces
Smart Space Technology is Leading the Fightback Against Rising Energy Costs

Just as the country hit winter, and even Queenslanders were spotted wearing long sleeves, the prospect of power…

Data#3 named worldwide Microsoft Surface+ Partner of the Year
Data#3 named worldwide Microsoft Surface+ Partner of the Year

July 19, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is delighted to announce that it has…

Data#3 appoints John Tan to CCO
Data#3 appoints John Tan to newly created Chief Customer Officer position

July 13, 2022; Brisbane, Australia: Leading Australian technology services and solutions provider, Data#3, is delighted to announce that it has…

Meraki smart spaces
Smart Spaces: Changing Work for the Better

There’s a certain strangeness to heading back into the workplace after a lengthy spell working from home during lockdowns. Workers…

Customer Story: ElectraNet

ElectraNet cuts costs and increases visibility with technology intelligence solution Download Customer Story…