Pune-based company loses 4 crore to whale phishing scam: What is it and how you can protect yourself |


A Pune-based real estate developer recently suffered a loss of Rs 4 crore due to a whale phishing scam. Impersonating the company’s chairperson and managing director, scammers deceived the senior accounts officer into transferring funds from the company’s account to theirs over the course of a week. Here’s all you need to know about the whale phishing scam
A whale phishing scam, also known as CEO fraud, targets high-level executives, celebrities, or other influential individuals with sophisticated phishing attacks. These scams aim to deceive the victim into:
* Revealing sensitive information, like company secrets, financial data, or login credentials.
* Authorising large fraudulent transactions by impersonating legitimate entities like vendors or partners.
Why “Whale”?
These scams are called “whale phishing” because, just like whales are large and valuable catches, these targets hold significant power and access to crucial resources, making them highly desirable for cybercriminals.
How does it work?
Whale phishing relies on social engineering tactics, manipulating the victim’s trust and sense of urgency. Scammers often:
* Gather information: They research their target’s background, interests, and professional relationships to personalise the attack.
* Impersonate trusted entities: They pose as familiar figures like CEOs, board members, business partners, or even close friends or family.
* Craft convincing emails or phone calls: The message appears urgent, legitimate, and tailored to the victim’s specific concerns. They may use pressure tactics, fake documents, or fabricated scenarios to create a sense of urgency and compliance.
* Exploit vulnerabilities: They might leverage recent events, news, or internal issues within the target’s organisation to make the scam more believable.
How to protect yourself:
* Be vigilant: Scrutinise any unexpected emails, calls, or requests, even if they seem urgent or familiar.
* Verify sender identity: Don’t rely on caller ID or email addresses alone. Contact the supposed sender through known channels to confirm their request.
* Beware of pressure tactics: Scammers often create a sense of urgency to push you into making a quick decision. Take your time to verify and avoid rushing into anything.
* Don’t share sensitive information: Never share login credentials, financial data, or confidential information over email or phone calls.
* Educate employees: Organizations should train employees on phishing awareness and best practices for cybersecurity.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *