Whaling or spear phishing attacks refer to scams targeting employees within a business to get confidential information for fraudulent purposes.
The goal is normally to direct you to make payments to a fake website or to download an attachment containing malware that records keystrokes and passwords.
Carefully crafted by scammers, these types of attacks are particularly effective. They often mimic communications sent by someone you trust in your business. It could be your boss, supplier or co-worker. Moreover, they are often personalised using an email address format you’re familiar with. This makes them particularly hard to spot quickly.
If you receive an email from a sender you don’t know, never click on the links or open any attachments. Instead, verify the identity of the sender by calling the organisation directly.
To protect yourself, watch out for:
- urgent emails out of the blue – perhaps a customer complaint or legal subpoena;
- a sender address that is similar but not identical to an address you’re familiar with;
- being asked to enter confidential work-related or personal details into a website.

You should also:
- look for the secure symbol (https:);
- update security software, change passwords and back up content regularly;
- shred all business documents before you dispose of them;
- be mindful of what information is posted on social media websites (develop an internal policy).