Social Engineering Tactic: Whaling Attack
Instructions
What is social engineering? Simply put, it is “any act that influences a person to take action that may or may not be in their best interest.” Social engineering is a term that encompasses a broad spectrum of malicious activity.

Select one of the following social engineering attack techniques:

Baiting.
Scareware.
Pretexting.
Phishing.
Vishing.
Tailgating.
Watering hole.
Whaling.
Spear phishing.
Use a Web search engine and search for information about your selected social engineering attack, or visit The Most Common Social Engineering Attacks [Updated 2020].

In addition, find articles about an instance where the chosen social engineering attack was used.

In a 1–2 page paper, respond to the following items:

Describe the attack in detail.
Describe the technique of the attacks.
Describe the effects of the attack both in general and in the specific instance you found.
Discuss three ways to prevent the attack. Provide a rationale.
Use three sources to support your writing. Choose sources that are credible, relevant, and appropriate. Cite each source listed on your source page at least one time within your assignment. For help with research, writing, and citation, access the library or review library guides.
This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.

The specific course learning outcome associated with this assignment is:

Examine hacking theory, social engineering tactics, and hacker subculture.
1. Describe the attack in detail.
The whaling attack is a derivative of the phishing attack, another social engineering tactic (Paganini, 2021). A whaling attack happens when high-profile individuals in an organization, such as Chief Executive Officers or Chief Financial Officers, are targeted in order to extract information. The attackers prey on these individuals because their email accounts handle a high volume of messages, so the possibility of unintentionally opening a fake attachment is high. The emails carry attachments such as fake invoices, which primarily contain macro code that can embed itself in the organization's information systems. The code then mines data or records sensitive keystrokes.
One prominent example of a whaling attack happened against the Belgian bank Crelan. Crelan’s CEO had been ‘whaled’ after conducting a routine internal audit (Tessian, 2021). Crelan was a victim of ‘whaling,’ a form of spear phishing in which the attackers target high-level executives. The hackers obtained $75 million from the Belgian bank and have never been brought to justice.
2. Describe the technique of the attacks.
A whaling attack aims to trick an individual into disclosing personal or corporate information through social engineering, email spoofing, and content spoofing (Lutkevich et al., 2021). The attackers would, for instance, send the victim an email that appears to come from a credible source. Some whaling campaigns also include customized malicious websites developed specifically for the attack. The attack emails are typically customized and personalized extensively, incorporating the victim’s name, job title, and other relevant information obtained from other sources. This personalization makes a whaling attack challenging to detect. When the victims click on the malicious links in the attachments or websites, the attackers can induce them to approve fraudulent wire transfers, or can impersonate the victims to convince employees to carry out the financial transfers.
3. Describe the effects of the attack both in general and in the specific instance you found.
Whaling attacks lead to various consequences. One of them is financial loss, which happens when the victims take the bait and send considerable amounts of money to the cybercriminals (Georgescu, 2021). As noted earlier, Crelan, the Belgian bank, lost $75 million to the hackers who used a whaling attack on its CEO. Another effect is data loss, since obtaining sensitive information is one of the aims of cybercriminals. The third effect is disruption of business operations: the attacked organization needs to stop its daily activities and focus on notifying clients and other stakeholders of the data breach, urgently implementing security measures to protect its systems, and working to recover any lost funds. Another effect is brand damage, considering that the organization will no longer have the same kind of trust from clients and partners (Georgescu, 2021). The whaling attack could lead the organization to lose future opportunities because its systems are no longer trusted.
4. Discuss three ways to prevent the attack. Provide a rationale.
a. Increasing employee awareness of the different social engineering tactics, how to identify them, and the preemptive actions that should be taken to prevent any data breach (Lutkevich et al., 2021).
b. Multi-step verification for all requests for wire transfers and access to sensitive information. All emails and attachments must be verified to identify any potentially malicious traffic.
c. Data protection policies to ensure that emails and files are constantly monitored for suspicious network activity. These policies should provide a layered defense against attacks such as whaling, or phishing in general, to reduce the chances of a breach happening at the final line of defense (Lutkevich et al., 2021).
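The sketch below is an added example, not part of the original paper, showing how measures (b) and (c) can be combined in a mail-screening step: it flags messages where an executive's display name arrives from an outside domain and routes every payment request to a second verification step. The organization domain, executive names, keyword list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# All names, domains and keywords are constructed for illustration.
ORG_DOMAIN = "example-bank.test"
EXECUTIVES = {"jane doe", "john smith"}   # display names worth protecting
PAYMENT_TERMS = ("wire transfer", "invoice", "payment", "bank details")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def identity_anomalies(msg):
    """Header checks for a sender posing as an executive."""
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    found = []
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != ORG_DOMAIN:
        found.append("executive display name on external domain")
    if reply_to and domain_of(reply_to) != domain_of(addr):
        found.append("Reply-To domain differs from From domain")
    return found

def triage(raw_message):
    """Return 'quarantine', 'verify' (out-of-band check) or 'deliver'."""
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    asks_for_money = any(term in text for term in PAYMENT_TERMS)
    if identity_anomalies(msg):
        return "quarantine"
    # Every payment request gets a second verification step, even internal ones.
    return "verify" if asks_for_money else "deliver"

# Constructed sample messages.
SPOOFED = ("From: Jane Doe <jane.doe@examp1e-bank.test>\n"
           "Reply-To: jane.doe@mail.test\n"
           "Subject: Urgent invoice\n\nPlease approve the wire transfer today.\n")
INTERNAL_PAYMENT = ("From: John Smith <john.smith@example-bank.test>\n"
                    "Subject: Invoice approval\n\nSee the attached invoice.\n")
ROUTINE = ("From: Jane Doe <jane.doe@example-bank.test>\n"
           "Subject: Board agenda\n\nAgenda for Thursday attached.\n")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("internal", INTERNAL_PAYMENT),
                       ("routine", ROUTINE)]:
        print(label, "->", triage(raw))
```

Header checks like these are only one layer; the "verify" outcome stands for confirming the request through a separate channel before any funds move.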
5. Sources
❖ Georgescu, E. (2021, September 6). What is a whaling phishing attack? Definition, examples. Retrieved from https://heimdalsecurity.com/blog/whaling-phishing-attack/#:
❖ Lutkevich, B., Clark, C., & Shea, S. (2021, January 26). What is a whaling attack (Whaling phishing)? Retrieved from https://www.techtarget.com/searchsecurity/definition/whaling
❖ Paganini, P. (2021, August 9). The most common social engineering attacks [updated 2020]. Retrieved from https://resources.infosecinstitute.com/topic/common-social-engineering-attacks/#
❖ Tessian. (2021, April 7). What is whaling? | Examples of whaling attacks | Updated 2021 | Tessian. Retrieved from https://www.tessian.com/blog/whaling-phishing-attack/
