In today’s fast-moving world of cyber insecurity, you would barely find anyone who is completely unaware of cyber crime. Phishing is accepted as the most generic mode of executing cyber crime and has remained successful for a long period of time. Different versions have now come into practice, adding to the effectiveness of the arsenal of cyber / social engineering tools. Phishing is a broad, mass attack aimed at stealing sensitive information. It is carried out through emails, websites and messages that impersonate legitimate sources.
When phishing started becoming less effective and less paying, the smarter crooks switched over to what is popularly known as Spear Phishing. It is a targeted attack on a specific individual or organisation, and a huge amount of research goes into it. Moving further, we come to the highest form of phishing, which we term Whaling. It is a highly targeted spear phishing attack aimed at senior executives, be it the C-suite, board members etc. A recent case of a whale phishing attack has been reported by a Pune-based firm, which was conned of Rs. 1.9 crore.
Here the whaling attack was carried out by impersonating the company’s director. The company is a Pune-headquartered consultancy firm. The cyber criminal, posing as the company’s director, messaged its accounts manager with an instruction to make a large fund transfer to fraudulent accounts “for a new project.” A case to this effect was registered by Pune’s Cyber Crime PS. The accounts manager, who had access to the company’s online banking, was targeted by the cyber criminals. Early this month, the accounts manager received a WhatsApp message from an unidentified number. The display picture (DP) was of the firm’s director. He was told that it was the director’s number and he should save it.
A message from the new number told him that the company had bagged a new project and Rs. 1.9 crore had to be immediately transferred to a bank account. The message had the bank account details. Taking the message as authentic, oblivious of the world around him, the accounts manager ended up transferring the said amount to a fraudulent account in Churu district of Rajasthan. Some time later he got another message, asking him to transfer Rs. 3 crore. When he said that there were not enough funds, the cyber criminals asked him to liquidate Fixed Deposits of the company. At this point he got suspicious and contacted the director on his known number. The crime came out in the open.
WHALING, IF SUCCESSFUL, DOES PRECISE AND DEEP DAMAGE.
Sanjay Sahay
Have a nice evening.