I’m always amused by new security terms. Phishing and Pharming are great (although the latter makes me think of medicines), but my current favorite is "whaling" — targeted phishing of high-ranking executives and the like. It’s an interesting target – they tend not to be highly technical, and at the same time, the rewards to a successful attacker can be great.
I ran across an interesting article on AccountingWeb on the subject via a Google alert a few days ago.
According to security vendor MessageLabs, the latest targets are executives. Finding the names of top executives is easy – they’re usually found on company websites. Cybercriminals then do some research on the individuals and write e-mails that directly relate to their role at the company in hopes that they will click on a link. The link brings the executive to a site where malware is downloaded that tracks their keystrokes, which can reveal sensitive information.
Attacks like this are easy to mitigate by deploying anti-phishing technology like PhoneFactor. Much harder will be trying to avoid being victimized just through education. Phishing is getting highly technical and very good. With targeted attacks like whaling, education simply isn’t going to cut it.
-Steve