If the technology to scam us advances, we must be prepared to counter it.
The ingenuity of those who use new technologies to take advantage of others seems to have no limit. Today, any of us can be victims of frauds on the internet, both for naivety of those who do not have sufficient knowledge, such as the malice of those who try to get our data and information at all costs. If you want to meet a method quite particular to virtual deceptionthis article will solve your doubts.
On the hunt for the most interesting whales and how to obtain their data through deception
We talk about Whales in this type of fraud, since the english term used makes mention of this gigantic animal. We are in front of a fraud which is becoming more and more common in the business world and which is becoming a phishing variant that we all know, which turns out to be a set of computer techniques that are used to deceive a victim and make them perform actions that they should not. In the same way as a fisherman throw the fish hook Let’s see if a fish bites, here the scammer sends communications in the hope that some unsuspecting person falls into their networks.
This method, also called whaling either CEO fraudnow you will see the reason for this name, it is usually a phishing attack where the fraudulent communication seems to come from a upper estate in the company or a department to which the affected person depends. Sometimes the CEO’s name of the company so that the strategy be more crediblewhich gives him the aforementioned nickname.
The objective of these types of attacks, which focus on a group of specific individuals instead of thousands of people, is take on someone else’s identitywe are facing a form of spear phishing, in order to to access to information stored in a specific organization or company. whether you are looking for money, sensitive documentation or access to networkswhale phishing is usually focused on the business sector.
Relentless methods and solutions that require good IT asset management
there are many methods that are used in this type of fraud. For example, the trickster might intercept an unencrypted email conversation and interfering to obtain a bank transfer at a given time. You could also send the link to a video call meeting, changing the link to a malware that infects your computer equipment and allows you to access its content. could be disguised as HR department and request the payroll of employees, both current and past.
exist various examples of this type of deception. In one of them, as stated in the prestigious medium The Guardian, the company behind Snapchat suffered a whale phishing who released the payment details of your employees. The company stated the following:
We have responded quickly and aggressively. Within the first four hours of the incident, we have confirmed that the phishing attack was an isolated incident and reported it to the FBI. We have started to cross-check which employees, current and former, could have been affected. We have also contacted these employees and offered them two years of free monitoring and identity theft insurance.
In addition to the usual solutionshow to pay attention to grammar of communications, these attacks could be prevented with training. Likewise, having programs that prevent the entry of malware and manage the emails via safe mechanisms, such as establishing a firewall to communications from outside the company, could be other weapons to prevent its success. Since many hackers use personal information to give credence to your scam, posting on social medialike LikedIn or Facebook, should be more controlled by the upper echelons of the company.
The reality is that these types of attacks have occurred in the past, they continue to occur and if you don’t act with training, they will occur more often. The only way What we have to protect ourselves from the bad intentions of these criminal organizations is question all kinds of communications and check your origineven if our workflow slows down.
Related topics: Security