Avoid Whaling and CEO Impersonation Scams

Phishing scams have been around for years, and malicious emails haven't changed a lot, but the end target has. As surfers and skiers say, "go big or go home," and that's exactly what scammers are doing. Recently, a local oilfield services company contacted BBB about a phishing scam known as whaling. Whaling attacks target “big fish”: high-profile employees such as the CEO or CFO. By targeting high-level executives, scammers can gain complete top-down access to all of a business’s operations. The goal is to steal sensitive information such as financial data or personal details about employees.

A related scam is the CEO impersonation scam, where the con artist reaches out to high-level employees who can pay a large bill or provide wide-sweeping information. The scammer pretends to be the CEO or CFO to give the request legitimacy and urgency. The request will often be for a large money transfer via wire, which is non-recoverable. Scammers can often make their requests more plausible by using details obtained by researching the company or hacking emails.

Here are tips to prevent and prepare for potential whaling attacks:

  • Be wary of short, generic messages. Scammers won't write a long email; they'll try to pass off something short and generic as harmless, hoping you'll click quickly without thinking.

  • Double check before clicking or downloading. A mouse click is all it takes to inadvertently grant access to your computer, accounts, and information, or unleash malware on your systems.

  • Think about how you share. Never send sensitive, personal, or proprietary information via email regardless of who's asking you for it.

  • Watch out for emails to groups. Sending an email "from the CEO" to a staff or employee email list is the fastest way for a scammer to attack and affect an entire business.

  • Set up processes. Make sure your company has a procedure for all requests involving sensitive information or payments, and make sure that procedure is followed. For particularly wide-reaching requests or large payments, require employees to check with their manager first.


For more about scams, go to BBB Scam Tips (BBB.org/ScamTips). To report a scam, go to BBB Scam Tracker (BBB.org/ScamTracker).

“Look for the Seal” and Start with Trust®. BBB Serving Acadiana is a private non-profit organization. BBB strives for a trustworthy marketplace by maintaining standards for truthful advertising, investigating and exposing fraud against consumers and businesses.

Please contact Better Business Bureau at bbb.org 24 hours a day for information on businesses throughout North America. Consumers can also sign up for our free BBB “Scoop” eNewsletter by visiting bbb.org and clicking on the “Programs & Services” tab.

BBB Serving Acadiana services the parishes of Acadia, Evangeline, Iberia, Lafayette, St. Martin, St. Landry and Vermilion.

Ed Bowie