You’ve heard of phishing, but what is whaling? A whaling attack is a targeted attempt to steal sensitive information from a company. This may be done by hacking a mailbox and then skimming financial or other sensitive information for malicious reasons.
Mailboxes are often hacked for the purpose of sending spam, in which case we will quickly become aware of the problem when our inboxes are flooded with bounce mail. Remedy the situation by resetting the password.
Phishing or whaling, however, can have more disastrous consequences, and compromised mailboxes can stay undetected for a long time.
A typical scenario
A mailbox is cracked due to the use of a weak password. A mail forwarder or message filters are then added to the mailbox to copy or divert mail to an external illegitimate address. An incoming invoice may then be fraudulently copied and updated with the hacker’s banking details. As this invoice was expected, the payment is made without raising any flags.
Simple ways to protect yourself from cybercrime:
Keep your passwords safe
Passwords should not be saved in plain text on your computer. Unprotected passwords can be tracked down by hackers, so consider using a password protection app like 1Password or LastPass, which allows you to store all your vital information in a central, encrypted space.
Beware of phishing emails that entice you to enter your mailbox login details.
Create strong passwords
It’s best to ensure that passwords contain a minimum of 11 characters, with at least one uppercase letter and one number for added resilience. Password apps, such as those mentioned above, provide strong passwords which don’t have to be memorised.
While it may be more convenient to use the same password across numerous services, this can put you at serious risk. Hackers will try the email and password combination from leaked databases on other services. Services like LeakBase and Have I Been Pwned allow you to check if your data has been involved in any security breaches. If you find your details on these services, you should change your passwords immediately.
Maintain a watchful eye
If you don’t already have anti-virus and anti-malware software installed on your computer, it’s vital that you rectify this, and run regular scans to check for any vulnerabilities.
If you’re using a public Wi-Fi hotspot or computer, make sure it’s reputable, and avoid logging into your online banking or sending any sensitive information if you don’t know the network.
Check your mailbox for forwarders
A popular modus operandi for hackers is to install forwarders on email accounts, which allows them to intercept messages you receive, and conduct fraudulent actions where possible. To ensure that you’ve not been targeted, check your account regularly for forwarders and mail filtering rules. Find out how: Mailbox security checks
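An added example, not part of the original article: the following Python audits a mailbox's forwarders and filter rules for destinations outside your own domains, which is the pattern described in the typical scenario above. The export format, action names and addresses are constructed assumptions, since the article names no specific mail platform.

```python
# Added example: audit a mailbox's forwarders and filter rules for external destinations.
# The export format below is an assumption (hypothetical); adapt it to your mail platform.
from email.utils import parseaddr

# Constructed sample data, not taken from any real mailbox.
SAMPLE_MAILBOX = {
    "address": "accounts@example.com",
    "forwarders": ["archive@example.com", "accounts.backup@example.net"],
    "filters": [
        {"name": "Newsletters", "action": "move", "target": "Newsletters"},
        {"name": "inv", "action": "redirect", "target": "Billing <billing@example.com.payments.test>"},
        {"name": "Team copy", "action": "copy", "target": "finance@mail.example.com"},
    ],
}

# Filter actions that deliver mail to another address (hypothetical action names).
DELIVERY_ACTIONS = {"redirect", "forward", "copy"}


def domain_of(address):
    """Return the lowercased domain of an address, or '' if it cannot be parsed."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def is_trusted(domain, trusted_domains):
    """True only for an exact match or a true subdomain, so lookalike suffixes fail."""
    return any(domain == t or domain.endswith("." + t) for t in trusted_domains)


def audit_mailbox(mailbox, trusted_domains):
    """Return (kind, name, destination) for every rule sending mail outside trusted domains."""
    trusted = {t.lower() for t in trusted_domains}
    findings = []
    for dest in mailbox.get("forwarders", []):
        if not is_trusted(domain_of(dest), trusted):
            findings.append(("forwarder", dest, dest))
    for rule in mailbox.get("filters", []):
        if rule.get("action") in DELIVERY_ACTIONS:
            if not is_trusted(domain_of(rule.get("target", "")), trusted):
                findings.append(("filter", rule["name"], rule["target"]))
    return findings


if __name__ == "__main__":
    for kind, name, dest in audit_mailbox(SAMPLE_MAILBOX, ["example.com"]):
        print(f"REVIEW {kind}: {name!r} sends mail to {dest}")
```

Destinations that cannot be parsed are reported rather than skipped, so a malformed rule still gets a human look.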