Introduction
Phishing is infamous when it comes to cyber frauds. Did you know that there is a more specific one known as whaling attacks?
Whaling attacks is the practice of hunting a high level executive or decision maker also known as a big fish. The attackers pose as a CEO or CFO and convince employees to send money, provide their credentials, or release a valuable information.
Whaling is being increasingly threatening because of deepfakes. It is due to this reason that current corporations are resorting to deepfake detection as a form of defense.
What Is a Whaling Attack.
In contrast, whaling emails are unlike generic phishing email as they contain:
Are very specific.
Sound like top managers.
Take advantage of urgent requests such as wire transfer or secret information.
Criminals do their research either on LinkedIn, social media, or websites of the companies that they target. Then they create credible communications that appear and sound natural.
Deepfakes are The New Whaling
Consider a voice message or a video conference very similar to your CEO who tells you to make an urgent payment. This is no longer a science fiction with AI-created deepfake sound and video.
Over the past few years, we have already witnessed real life instances in which companies suffered losses to the tune of millions after being tricked by engulfs through deepfake-perpetrated whaling.
The Signs Spotting
Conventional phishing education assists employees to seek:
Suspicious domains.
Unusual requests.
Formatting problems and typos.
The scam with deepfakes is more genuine though. Because of this reason, businesses need to introduce deepfake detection tools into communication channels.
The Way Deepfake Detection Can Prevent Whaling
It is possible to use deepfake detecting tools:
Voice or video calls synthetics analysis.
Mark abnormal communications patterns.
Notice security departments to check dodgy requests.
The risk is reduced by combining detection with powerful approval processes.
Best Practice to Stop Whaling
Train the employees to check abnormal requests over the phone.
Large transactions should be checked through the multi-step approvals.
Next, protect executive accounts using MFA.
Roll out communication devices that have an in-built detection of deepfake.
Simulate phishing or whaling exercises on a regular basis.
Conclusion
Businesses end up losing billions annually to whaling attacks and the advent of deepfake to scams adds weight to their credibility. The positive news? State of awareness, outstanding internal controls and sophisticated deepfake detection mechanisms can guard organizations against these giant phishing hooks.
