Cast your nets and navigate the waters of phishing and whaling

30 October 2024
With the digital world evolving at unimaginable speeds, cybercriminals are cashing in as they attack individuals and businesses without constraint from virtually anywhere. South Africa and the African continent are coming under heavy fire from cybercriminals as growing economies expand their internet accessibility and so open new and vulnerable targets for cyber-attacks. In this article, we look at a form of cyber-attack called “phishing”, its variants, and what you should look out for.

The intended reasons behind cybercrime may vary, but generally, the objective is to cause financial harm, gain financial benefit, access data, or damage the reputation of a business. While large businesses and corporations are often targeted by cybercriminals, cybercrime is by no means aimed only at these larger businesses. Research indicates that small to medium-sized businesses and individuals are increasingly targeted by cybercriminals.

There are various forms of cybercrime, but a prominent scheme often employed by cybercriminals is ‘phishing’. This can take many forms, but generally involves the following:

Email phishing

Email phishing involves email activity in which the sender’s address or other parts of the email header are altered to appear as if the email originated from another source. In phishing scams, users are often lured by communications purporting to be from trusted parties such as social websites, auction sites, banks, online payment processors or IT administrators.

Website spoofing

Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers into believing that the website in question has been created by a different person or organisation. Often, the spoofing website will contain design elements similar to the target website and a confusingly similar URL.

Smishing

Smishing is the commonly used name for SMS phishing, or phishing conducted via text message to a technological device. Instead of sending emails, fraudsters send text messages to obtain a victim’s personal information, money or identity. As the mobile phone market is now saturated with smartphones, which all have fast internet connectivity, a malicious link sent via SMS, or via a messaging app such as WhatsApp, can yield the same result as if sent via email.

Voice phishing

Voice phishing is a form of criminal phone fraud that uses social engineering over a telephone system to manipulate the victim into divulging sensitive or confidential information over the phone, either to an automated system or to a person, and/or to gain access to private personal and financial information for the purpose of financial reward.

Whaling

Whaling is a specific form of phishing that is targeted at high-profile business executives, managers, and the like to obtain sensitive information from a company, since individuals who hold higher positions within the company typically have more extensive or complete access to sensitive data. The term ‘whaling’ stems from the size of the attacks, and the targeted victims are thought to be picked, whether targeted directly or indirectly, based on their authority within the company.

With the increasing prevalence of cybercrime, particularly phishing schemes, you and your business must safeguard yourselves against these attacks. Cybercriminals rely on ignorance, human error and vulnerability to facilitate their scams. Ensuring your personal and business digital environments are secure must be a priority. Employers should also have the right policies and training in place to ensure staff risk is mitigated, and can consider engaging security and compliance specialists to review and advise on how to better secure their environment against attack.


Disclaimer: This article is the personal opinion/view of the author(s) and is not necessarily that of the firm. The content is provided for information only and should not be seen as an exact or complete exposition of the law. Accordingly, no reliance should be placed on the content for any reason whatsoever and no action should be taken on the basis thereof unless its application and accuracy has been confirmed by a legal advisor. The firm and author(s) cannot be held liable for any prejudice or damage resulting from action taken on the basis of this content without further written confirmation by the author(s). 
