Phishing, Whaling and Ransomware
E-mail based attacks on businesses are on the rise as “script kiddies” make way for organised crime.
Criminals are increasingly using sophisticated techniques to target specific businesses and organisations in order to extort money. These techniques are broadly split into three categories: Phishing, Whaling and Ransomware.
Below we describe Phishing, Whaling and Ransomware attack methods:
Phishing is the original e-mail scam and is an attempt to obtain sensitive information such as passwords, bank and credit card details by impersonating a trustworthy organisation such as a bank or the inland revenue.
Phishing attacks are relatively unsophisticated and rely on sending out huge numbers of e-mails to get a few individuals to reply with the desired details.
One way to protect against phishing is to ensure you use secure authentication when possible.
Ransomware is an evolution of a phishing e-mail using similar techniques but taking them to the next level, impersonating trusted brands or even trusted internal e-mail addresses such as [email protected] or [email protected].
Ransomware relies on you clicking on a link in the e-mail or opening a file attachment, often a compressed attachment. The file that you open or the link that you click on then starts a process which encrypts company data so that it is unreadable and often unrecoverable. The software will then demand a ransom to decrypt the data.
Ransomware attacks are now increasingly sophisticated with some ransomware even tracking who clicked on the link or opened the attachment so that they can target the same person again with further attacks.
Each subsequent attack increases the ransom that needs to be paid to decrypt the data.
Ransomware attacks are increasingly targeting specific businesses with documents gathered from incorrectly secured web servers or through gathering logos etc. from the corporate website to ensure the e-mails and documents look as authentic as possible.
Whaling is a technique where e-mails are sent with spoofed display names so that they look as if they are being sent from a senior manager or director, and usually ask for a sum of money to be transferred to a bank account. Spoofing is where an e-mail address is impersonated and the message is sent from a server other than its normal originating server.
The e-mails are monitored and, once a reply has been received, a fraudster will reply to answer any potential queries and inject a sense of urgency or anger into the e-mail to ensure monies are transferred quickly to the nominated account. One way to protect against this is with email security from The Email Laundry.
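The display-name spoofing described above can be checked for in message headers. The following is an added example, not code from the original page or from any product it mentions; the domain corp.example, the protected name and the three sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; neither appears on the original page.
ORG_DOMAINS = {"corp.example"}
PROTECTED_NAMES = {"jane smith"}  # senior staff likely to be impersonated

def _domain(address):
    return address.rpartition("@")[2].lower()

def _normalise(name):
    return " ".join(name.lower().replace(".", " ").split())

def whaling_flags(raw_message):
    """Return the reasons a message looks like display-name spoofing."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = _domain(address)
    flags = []
    # A director's name shown on an address outside the organisation.
    if _normalise(display) in PROTECTED_NAMES and from_domain not in ORG_DOMAINS:
        flags.append("protected display name on external address")
    # Replies routed to a different domain than the visible sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != from_domain:
        flags.append("Reply-To domain differs from From domain")
    # Verdicts recorded by the receiving server: a failure means the message
    # did not come from a server authorised for the claimed domain.
    results = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in results:
            flags.append(f"{check} failed")
    return flags

# Constructed sample messages; only the headers matter here.
LEGITIMATE = ("From: Jane Smith <jane.smith@corp.example>\n"
              "Authentication-Results: mx.corp.example; spf=pass; dmarc=pass\n"
              "Subject: Q3 figures\n\nSee attached.\n")
SPOOFED_NAME = ('From: "Jane Smith" <j.smith.ceo@freemail.example>\n'
                "Reply-To: payments@other.example\n"
                "Authentication-Results: mx.corp.example; spf=pass; dmarc=none\n"
                "Subject: Urgent transfer\n\nPlease transfer today.\n")
SPOOFED_DOMAIN = ("From: Jane Smith <jane.smith@corp.example>\n"
                  "Authentication-Results: mx.corp.example; spf=fail; dmarc=fail\n"
                  "Subject: Urgent transfer\n\nPlease transfer today.\n")

if __name__ == "__main__":
    for sample in (LEGITIMATE, SPOOFED_NAME, SPOOFED_DOMAIN):
        print(whaling_flags(sample))
```

The second sample passes SPF because the sender controls the external domain, which is why the display-name and Reply-To checks are needed alongside the authentication verdicts.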
Need help with resolving an attack?
We can assist with recovering from an e-mail based attack. Simply get in touch on 01482 628800 or use our contact form and we’ll help your business to streamline operations and get better results right away.