A sudden rise in the number of “whaling” attacks on corporate data threatens sensitive business information and executives’ financial security. There’s apparently no foolproof method to stop this form of identity theft and related cyber crime, according to VeriSign iDefense Labs, a Virginia-based company specializing in cyber threats.
First came “phishing,” then came “whaling,” which suggests the hunt for the big one. “Phishing” occurs when individuals are tricked into divulging sensitive private information about their finances or personal data used in financial transactions. “Whaling” targets corporate executives and their sensitive business and personal information.
“Whaling” first entered the scene in 2007. Unfortunately, details surrounding these cases are sketchy because victims are reluctant to share their stories due to their corporate status and the sensitive information involved in the cases.
Security experts have a huge challenge on their hands. They say existing security measures do not detect the malicious code involved on the day of the “Whaling” attack.
VeriSign reported that more than 15,000 corporate users became victims of “whaling” during 2008 and the first quarter of 2009. Victims include Fortune 500 companies, government agencies, financial institutions, and law firms. In the attacks two separate groups were able to access corporate banking information, customer databases and other information. Those two groups are believed to have carried out 95 percent of the “whaling” attacks monitored by VeriSign.
The Federal Trade Commission advises victims to file a report with its agency at ftc.org and also their local police department.
