Beyond Spear Phishing: How to Address Whaling And More

LANSING – First, there was phishing … then came spear phishing … and now there is whaling — and other new sophisticated social engineering techniques. The bad guys are modifying their deceptive practices. Here’s what you need to know.

Just when you thought you had seen it all regarding online phishing scams, along comes a new round of deceptive emails, phones calls, instant messages and even traditional printouts from your fax machine. And these revamped social engineering approaches are working — fueling a continuing surge in cybercrime.

For companies and for individuals, the stakes online remain very high. Phishing impacts are affecting brand reputation, personal careers and the financial bottom line. What’s scary is that the bad guys are often using hijacked email accounts and other legitimate business channels. The goal: to trick efficiency-minded professionals into carrying-out their online crimes.

What’s new? Several recent “whaling” stories have emerged that don’t involve employees clicking on links or becoming infected with malware. Rather, first the criminals conduct extensive surveillance and gain the required internet credentials. Then a highly targeted end user is tricked into making a fund transfer or authorizing a pending transaction based on an email from their CEO’s personal email account.

To read the rest of this column, click on http://www.govtech.com/blogs/lohrmann-on-cybersecurity/beyond-spear-phishing-how-to-address-whaling-and-more.html

About the Author: Dan Lohrmann

Dan Lohrmann is Field CISO for Presidio. He is an author, blogger, and global keynote speaker on security and technology topics. While serving in Michigan government, he was named SC Magazine CSO of the Year, Governing Magazine Public Official of the Year, and Computerworld Magazine Premier 100 IT Leader. He can be reached on Twitter @govcso