One of the great things about technology is the way we get to invent fun, new terminology.
A relatively new term in use in the area of phishing is that of ‘whaling’. Use of the term ‘whaling’ within the phishing arena is fairly new and my guess is it derives from the world of gambling where a high stake gambler is often referred to as a ‘big fish’….they don’t get much bigger than a whale and to carry on the gambling parallel for whalers (of the phishing variety) the stakes are also high with the phishing attack targeting high-level executives within companies, significant and specific targets.
A whaling attack is extremely focussed, the phisher focuses on exclusive group of senior personnel within an company and tries to steal their identities, log in details – normally via malware that provides back-door functionality and key logging.
It’s clear that phishing attacks of the tadpole or whaling variety remain a clear and present threat to businesses. There is no evidence to suggest that network security measures like anti-spam protection are discouraging the number of phishing attacks and it’s equally clear that the arrival of social networking in the workplace has presented phishers with a bigger pond to phish in.
A recent SpamTitan survey shows that opinion is divided over whether business network security measures have caused phishing attacks to migrate from email to social networking sites like Twitter or Facebook
37 % saying it is a growing phenomenon
31 % disagree that this is the cause
Instead they regard the move to on-line phishing as a natural response the growth in the user communities of the main social networking sites. Clear policies along with improvements in user education and awareness are really the best way to beat phishing in all its forms.
See how some SpamTitan customers have protected their companies from email phishing attacks