3 September 2015
SMX security alert: Spear phishing and whaling
SMX is alerting customers to an increase in targeted email (AKA spear phishing) attacks currently underway against New Zealand companies and organisations. We would also like to warn that attackers are undertaking sophisticated whaling attacks, researching and identifying 'big fish' within an organisation. These individuals are then attacked with a combination of social engineering and email spoofing techniques in order to elicit funds.
SMX has seen live attacks unfold in real-time where, once they have a 'whale' hooked, attackers purchase brand new domains similar to their intended victims in order to trick companies into transferring cash overseas. Attackers are even following up with telephone calls prior to, as well as during, these attacks to further embellish the hoax.
As such, SMX is recommending all companies and organisations:
- Identify potential whaling or spear phishing targets within your organisation – these roles should include finance, management, and IT security
- Conduct security awareness training for all identified roles – this training should include an awareness of these types of attacks and familiarisation with your organisation’s security policies
- Create and publish robust internal procedures – for handling and identifying security incidents, responding to external queries requesting information on senior company executives, and so on.
Note: Depending on the industry, you may need to conduct training across a wider range of roles within your organisation.
For more information on security awareness training see the NIST publication (PDF).
SMX is continuously working with our vendors and customers to monitor and improve email security, however the sophistication and persistence of these attacks outside of the email flow means companies should not rely solely on computer security and algorithms to protect them. Potential whaling targets need to be aware that criminals are undertaking sophisticated attacks right now and to protect themselves appropriately.
If you have any concerns about a potential whaling or phishing attack please contact the SMX helpdesk via email or phone 0800 769769, select option 1.
Also read SMX CTO Thom Hooker’s blog on the subject.