Whale Phishing (Whaling)


Why go after little phish when you can phish a whale? In 2020, Australian hedge fund Levitas Capital found that out the hard way when attackers launched a stealthy whaling attack aimed directly at one of the founders. The bad actors gained entry to the hedge fund’s network after sending the executive a fake Zoom link that installed malware once it was clicked. The malicious code allowed the attackers to infiltrate the targeted email account and subsequently create bogus invoices addressed to the fund’s trustee and third-party administrator, which initiated and approved cash transfer requests, resulting in the theft of $8.7 million. The bogus invoices also included a request for a $1.2 million payment to suspicious private equity firm Unique Star Trading. The losses were so damaging and extensive that the firm was eventually forced to close permanently.

What you need to know: Whaling is when hackers go after a single, high-value target, such as a CEO. The target is always someone specific, whereas a phishing email may go after anyone at a company. The hackers usually go after high-profile targets because they may possess important or sensitive information.
