What is Whaling?
Whaling is a type of phishing fraud that targets high-profile end-users such as C-level corporate executives, politicians, and celebrities.
You can configure this feature by assigning one or more email addresses that belong to a User. In this way, through a series of controls, if an attacker tries to impersonate a CEO or a manager, Esva blocks the mail as “Whaling Fraud.”
You can also configure an email notification that is sent to the recipient targeted by the Whaling attempt.
Business email compromise (BEC), Whaling attack, CEO fraud: many different terms describe a phishing scam in which the attacker attempts to impersonate high-profile executives.
The attack usually starts with a brief email pretending to come from a C-level executive. “Are you in the office?” is a typical approach.
If the victim replies, then the attacker knows that his email slipped through the defenses and that the victim didn’t spot the scam. The attack can now proceed toward the final target: a wire transfer or the disclosure of sensitive data.
From an email security perspective, this kind of attack is particularly difficult to block because the emails do not have links or attachments, they are brief, and the messages use wording that is common in business emails.
These attacks are rising quickly and are reaching companies of all sizes. They are also being semi-automated, at least for the initial email approach. Huge losses have been caused by this type of targeted attack.
How can Libraesva help?
The impersonation protection engine analyzes emails directed to the domains of the C-level persons configured in this table. The domains are derived from the entered email addresses and from the domains of all the email aliases of these users (if available).
This is important, especially in an ISP/MSP setup: each “whale” entered in this table applies only to its own domain(s).
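The per-whale domain scoping described above, sketched as an added example (this is not Libraesva's code). The display-name comparison is an assumed stand-in for the engine's controls, which the page does not detail, and all names and addresses are constructed.

```python
from dataclasses import dataclass, field
from email.utils import parseaddr


@dataclass
class Whale:
    name: str                                  # display name of the protected executive
    addresses: set                             # configured email addresses
    aliases: set = field(default_factory=set)  # aliases of the same user, if available

    def all_addresses(self):
        return {a.lower() for a in self.addresses | self.aliases}

    def domains(self):
        # Scope is derived from the entered addresses and from their aliases.
        return {a.rsplit("@", 1)[1] for a in self.all_addresses()}


def normalize(name):
    # Fold case, punctuation and spacing so "ANNA  ROSSI" matches "Anna Rossi".
    return " ".join(name.lower().replace(".", " ").replace(",", " ").split())


def check_whaling(whales, from_header, rcpt):
    """Return the name of the impersonated whale, or None."""
    display, sender = parseaddr(from_header)
    sender = sender.lower()
    rcpt_domain = rcpt.lower().rsplit("@", 1)[1]
    for whale in whales:
        if rcpt_domain not in whale.domains():
            continue  # each whale only covers its own domain(s)
        if sender in whale.all_addresses():
            continue  # one of the executive's own addresses; sender
            #           authentication is a separate control, not modelled here
        if display and normalize(display) == normalize(whale.name):
            return whale.name  # assumed control: name matches, address does not
    return None


# Constructed sample: one whale with an alias on a second domain.
SAMPLE_WHALES = [
    Whale("Anna Rossi", {"anna.rossi@example.com"}, {"ceo@example.org"}),
]

if __name__ == "__main__":
    for hdr, rcpt in [
        ('"Anna Rossi" <a.rossi.office@mail.test>', "bob@example.com"),
        ('"Anna Rossi" <a.rossi.office@mail.test>', "carol@example.net"),
    ]:
        print(rcpt, "->", check_whaling(SAMPLE_WHALES, hdr, rcpt))
```

The second sample message goes to a domain that is not derived from the whale's addresses or aliases, so it is not evaluated against that whale, which is the behaviour that matters when several customers share one appliance.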