Pune-based company loses 4 crore to whale phishing scam: What is it and how you can protect yourself


A Pune-based real estate developer recently suffered a loss of Rs 4 crore due to a whale phishing scam. Impersonating the company's chairperson and managing director, scammers deceived the senior accounts officer into transferring funds from the company's account to theirs over the course of a week. Here’s all you need to know about the whale phishing scam.

A whale phishing scam, also known as CEO fraud, targets high-level executives, celebrities, or other influential individuals with sophisticated phishing attacks. These scams aim to deceive the victim into:
* Revealing sensitive information, like company secrets, financial data, or login credentials.
* Authorising large fraudulent transactions by impersonating legitimate entities like vendors or partners.

Why "Whale"?
These scams are called "whale phishing" because, just like whales are large and valuable catches, these targets hold significant power and access to crucial resources, making them highly desirable for cybercriminals.

How does it work?
Whale phishing relies on social engineering tactics, manipulating the victim's trust and sense of urgency. Scammers often:
* Gather information: They research their target's background, interests, and professional relationships to personalise the attack.
* Impersonate trusted entities: They pose as familiar figures like CEOs, board members, business partners, or even close friends or family.
* Craft convincing emails or phone calls: The message appears urgent, legitimate, and tailored to the victim's specific concerns. They may use pressure tactics, fake documents, or fabricated scenarios to create a sense of urgency and compliance.
* Exploit vulnerabilities: They might leverage recent events, news, or internal issues within the target's organisation to make the scam more believable.

How to protect yourself:
* Be vigilant: Scrutinise any unexpected emails, calls, or requests, even if they seem urgent or familiar.
* Verify sender identity: Don't rely on caller ID or email addresses alone. Contact the supposed sender through known channels to confirm their request.
* Beware of pressure tactics: Scammers often create a sense of urgency to push you into making a quick decision. Take your time to verify and avoid rushing into anything.
* Don't share sensitive information: Never share login credentials, financial data, or confidential information over email or phone calls.
* Educate employees: Organizations should train employees on phishing awareness and best practices for cybersecurity.
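
For a mail or security team, the advice above about not trusting the sender's name or address alone can be turned into an automated pre-check. The following is an added example, not part of the original article: the company domain, executive names, keyword lists and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration; none come from the article.
COMPANY_DOMAIN = "example-realty.test"
EXECUTIVES = {"asha rao", "vikram mehta"}  # names a scammer might impersonate
URGENCY = re.compile(r"\b(urgent|immediately|confidential|today)\b", re.I)
PAYMENT = re.compile(r"\b(transfer|payment|wire|rtgs|neft|beneficiary)\b", re.I)

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def score_message(raw):
    """Return the list of whale-phishing warning signs found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}"
    reasons = []
    # A display name is free text: anyone can type an executive's name.
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        reasons.append("executive display name from external domain")
    # Replies would silently go to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    if URGENCY.search(text) and PAYMENT.search(text):
        reasons.append("urgent payment request")
    return reasons

def needs_callback(raw):
    # Any warning sign means: confirm through a known channel before acting.
    return bool(score_message(raw))

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Asha Rao" <asha.rao@example-realty-corp.test>
Reply-To: accounts.desk@mailbox.test
Subject: Urgent and confidential

Please transfer the amount to the new beneficiary today. I am in a meeting.
"""
LEGIT = """\
From: "Asha Rao" <asha.rao@example-realty.test>
Subject: Board meeting agenda

The agenda for Thursday is attached.
"""
```

A message that passes these checks can still be fraudulent (for example, if the executive's real mailbox has been compromised), so the check supplements the call-back step and does not replace it.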

Article From: timesofindia.indiatimes.com