SCARS™ Guide: There Is A New Kind Of Phishing Called Whaling Scam Attacks
Whaling: How It Works, And What Your Organisation Can Do About It
A GUIDE TO ‘WHALING’ – TARGETED PHISHING ATTACKS AIMED AT SENIOR EXECUTIVES
Whaling is a highly targeted phishing attack – aimed at senior executives – masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.
Whaling does not require extensive technical knowledge yet can deliver huge returns. As such, it is one of the biggest risks facing businesses. Financial institutions and payment services are the most targeted organizations; however, cloud storage and file hosting sites, online services, and e-commerce sites are receiving a larger share of attacks.
Whaling emails are more sophisticated than generic phishing emails as they often target chief (‘c-level’) executives and usually:
- Contain personalized information about the targeted organization or individual
- Convey a sense of urgency
- Are crafted with a solid understanding of business language and tone
What Are The Consequences Of Whaling?
Whaling emails are a form of social engineering that aims to encourage the victim to take a secondary action, such as:
- Clicking on a link to a site which delivers malware
- Requesting a transfer of funds to the attacker’s bank account
- Requests for additional details about the business or individual in order to conduct further attacks
The 2016 Phishing Trends and Intelligence report by PhishLabs™ found that 22% of spearphishing attacks analyzed in 2015 were motivated by financial fraud or related crimes. The table below illustrates five of the largest financial losses to organizations as a result of whaling emails. In these examples, a senior executive received a fraudulent email requesting a transfer of funds, from what appeared to be a trusted supplier, partner or member of the organization.