A new type of phishing has emerged. Called "whaling", the targets are more specific and are either wealthy, powerful, or both.
"A handful of attacks that took place over the past month in the US market, aimed at smaller, more focused groups of high net worth individuals and senior business executives, has gotten the security world worried about a new threat that's emerging from the collection of nasties that fall under the banner of 'phishing'," says Patrick Evans, regional director for Africa at Symantec.
This type of phishing is more dangerous for two reasons, he explains. Firstly, companies employing the targets stand to lose much more. Secondly, because the attacks are concentrated, phishers spend more time and effort on the "bait", making it near impossible to tell legitimate from illegitimate.
"This has resulted in the success rate of 'whaling' attempts outweighing the success rate of conventional mass market 'phishing' attempts," Evans explains.
According to the latest Symantec Internet Security Threat Report, stolen identities sell online for as little as $1 each, and are sold by the thousands. "Identities stolen through 'whaling' will be worth significantly more," he comments.
"Generally, they entice the target to click on a link or an attachment and thereafter launch a piece of code that either logs the victim's keystrokes or mines their computer for valuable information. In some cases, the user is directed to a dummy Web site where the user enters their username and password."
Although whaling is a fairly new trend, he notes, it poses a serious threat to the market. Once again, the recommendation is increased vigilance and assuming things aren't as they seem, Evans adds.
"After all, being extra-careful never hurt anyone."
Share