Friday, April 29, 2016

"Whaling"

Last month the IRS issued a warning that CEOs were being either targeted or spoofed to obtain employee information. This isn't exactly new, but the more focused phishing attacks (known as "Whaling") show the increasing sophistication of this new generation of social engineers. Of course your CEO, CFO, or COO is going to be a juicier target because, as Willie Sutton put it, "That's where the money is."
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
This follows the trend of more closely targeted phishing attempts, where a few minutes of Googling can produce an "in" that is much less risky than traditional social engineering ploys.

Remind your C-level people that they are targets too. They need the training you are no doubt providing to the rest of the company just as much as, or more than, the intern who is right now propping up the water cooler.
