Phishing, spear phishing and whaling

According to the ‘Cyber Security Breaches Survey 2017’ from the UK government’s Department for Digital, Culture, Media and Sport, 52% of small businesses have identified at least one cybersecurity breach or attack in the last 12 months. Typically these attacks start with an email sent to someone within your organisation. This method of attack is known as phishing and is designed either to obtain access to a user’s account or to install malicious software. Today these attacks are becoming more sophisticated and targeted.

Spear phishing

Spear phishing is where the attacker is targeting a specific individual. This type of attack is often more successful as it focuses on the individual, and their role within a business. The malicious email is tailored to the individual, such as a fake tax return email.

Whaling

Whaling is a specific type of phishing email designed to land a big phish. More often than not this is the CEO, CFO or someone at C-level. An example of whaling is where the CEO’s account has been compromised and used to email the accounts department with instructions to transfer sums of money into the attacker’s bank account.

Understanding the risk

It’s important that you understand the dangers of phishing and make sure your whole organisation is trained on cybersecurity. A great resource on phishing is available from https://www.ncsc.gov.uk/phishing. Alternatively, please feel free to contact our security team for a technology audit.
