When it comes to online scams, no one is exempted. Any person on the internet can become a victim of con artists, if they are not careful.
The latest email phishing scams are targeting high-level business executives and managers. These phishing scams, dubbed “whaling” because they target the “big fish,” aim to dupe company bosses into clicking on malicious embedded links in email messages.
By targeting high-level management who have access to sensitive business data, scammers can gain top down access to all of a business’s operations, says the Better Business Bureau (BBB), which investigates businesses and company offers that sound like an illegal scheme or fraud.
“We believe there has been a recent uptick in whaling scams aimed at businesses, and we want to warn companies to alert their employees about this potential fraud,” Katherine Hutt, Better Business Bureau national spokesperson, said in a public statement recently.
Small business owners, don’t get caught in whaling scams!
Watch Out for Whaling Email Scams
According to the Better Business Bureau, a high-level business executive gets a short and generic phishing email crafted to resemble correspondence from a trustworthy source. The trustworthy source may be HR, the IT department, or even a government official. Sometimes the email might come disguised as an automated alert from a software system.
If the target clicks a link in the message, malware from the internet downloads into their computer. This downloaded malware allows cybercriminals backdoor access to sensitive data stored in the computer, including financial data, access to passwords or employees’ personal details.
More sophisticated phishing and whaling emails execute hidden code as soon as the email is opened on the target’s computer, so it is important to stay vigilant and guard against this threat. A warning sign to look out for is emails that require a website visit or downloads to view an official document.
Guard Your Business from Phishing Attacks
Whaling scams may also target low-level employees. An employee gets an email spoofing the CEO or other executive asking for information. Because employees don’t typically question higher execs, they may be tricked into sending money, sensitive data or business information to con artists.
One of the first steps you can take to protect your business from phishing attacks is to educate yourself and your employees about online safety. This way you will be able to identify phony emails immediately – and swiftly report cyber-attacks to relevant authorities to stop them from spreading.
Everyone in your business, including managers, should also avoid opening email attachments or clicking on links from unfamiliar and suspicious sources, because these can lead to virus or malware infection.
“Never send sensitive, personal, or proprietary information via email regardless of who’s asking you for it,” the Better Business Bureau warns. “Set up processes. Make sure your company has a procedure for all requests involving sensitive information or payments, and make sure that procedure is followed.”