Email awareness: Are you someone’s white whale?


What happened? 

CyberCX Intelligence is tracking a growing frequency of whaling campaigns. Whaling refers to targeting senior executives and high-value individuals with phishing attempts – via email, but increasingly also via text.

In July, CyberCX Intelligence observed a significant whaling campaign impacting high-profile executives in Australia, the UK and the US. The threat actors used invoice and secure message-themed emails (such as DocuSign) to trick victims into revealing their passwords. This was a sophisticated campaign. In at least 100 instances, the whaling attempt was tailored to the executive being targeted. The threat actor implemented techniques to evade detection and common email screening tools. Once the threat actor compromised one mailbox, we believe they used it to launch further attacks, leveraging the victims’ trusted contacts. 


How could this impact me and my organisation? 

Phishing is the most common and effective attack vector we see across all cyber incidents responded to by CyberCX. Executives are targeted by whaling campaigns due to their access to sensitive company information and their status. To put it bluntly: staff are more likely to act on a malicious request if they think it has come from their boss. Executives are also more likely to have staff managing their mailbox, who may not be familiar with the executive's usual pattern of emails and may be more inclined to open unfamiliar messages.

As a senior executive, a successful phishing attack against you could lead to a major cyber incident for your organisation (like cyber extortion), direct financial theft, or personal harm if your emails are stolen. While the above July campaign was designed to let attackers access the victim’s organisation, CyberCX Intelligence has also observed whaling being used for direct financial theft. In these cases, the threat actor sends emails from a compromised executive mailbox directing staff to change payee details or create new payments to a threat actor. In 2022, Australian businesses self-reported losses of $224M from these “payment redirection scams”, but actual losses are almost certainly significantly higher. 


What should I do? 

Do you – and those with access to executive mailboxes – know the signs of phishing emails? Look out for: 

  • unexpected messages (e.g. from unknown senders) 
  • requests that create a sense of urgency 
  • links where the text does not match the URL when hovered over, and 
  • requests for information that isn’t usually required (e.g. to log in with your password).
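One mechanical version of the third sign above (link text that does not match the real target), added here as an illustration and not CyberCX's own tooling: a small Python check that parses an HTML email body and flags anchors whose visible text looks like an address but whose href actually goes to a different host. The sample message and every domain in it are constructed.

```python
# Added illustration (not CyberCX code) of the "link text does not match the
# URL" sign: parse an HTML e-mail body and flag anchors whose visible text
# looks like an address but whose href really points at another host.
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start recording the visible text of this anchor
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower().removeprefix("www.")


def mismatched_links(html):
    """(href, text) pairs where the text reads as an address but the href
    goes to a different host than the text claims."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        looks_like_address = "." in text and " " not in text
        if looks_like_address and host_of(text) != host_of(href):
            flagged.append((href, text))
    return flagged


# Constructed sample: a secure-message lure whose visible link looks genuine.
SAMPLE = ('<p>You have a new secure document.</p>'
          '<a href="https://example.net/login">https://docusign.example.com/view</a> '
          '<a href="https://docusign.example.com/help">Help centre</a>')

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))  # only the spoofed "docusign" link is listed
```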

Refrain from sending emails (or texts or even voicemails) to your staff outside established business processes. Thinking of shooting off a late-night request from your personal email rather than your enterprise account? Or forwarding an unexpected invoice change without adding context via a courtesy call or different channel? Think again. Setting a precedent for unexpected activity makes it more likely your staff will action an unorthodox, malicious request. 

Conduct a digital footprint assessment to identify publicly available information about you (and key staff) that threat actors could use to craft phishing attempts. This builds awareness of the type of approaches you can expect and empowers you to minimise the amount of information available about you online. 


Could Artificial Intelligence make this threat worse? 

Short answer: yes. Threat actors have already started using AI-generated voice forgeries. As early as 2019, a UK executive was duped by AI voice cloning – and transferred $240,000 to criminals. Recent breakthroughs in AI are increasing the availability of voice forgeries. As individuals with a public profile, executives have voice samples readily available online that can be used to generate voice clones. Now is a good time to review, and make sure you are following, your organisation’s policies and processes for requests related to financial transfers. With AI, word of mouth is no longer always reliable.



About CyberCX Intelligence  

CyberCX Intelligence is a uniquely Australia and New Zealand focused capability. We have the information, access and context to give executives a decision advantage – whether that’s minimising their personal risk or leading their organisation’s risk posture.  

Want more? Contact cyberintel@cybercx.com.au to explore how you could partner with cyber intelligence experts who speak your business language and know your sector. You can also subscribe to Cyber Adviser, our bite-sized monthly intelligence newsletter.

Frandelin Diaz

Cyber Security Analyst | CompTIA, Security+ Certified | Network Security | Cloud Security

5mo

The examples of sophisticated phishing attacks targeting executives are interesting. What do you think are the top three practical steps executives can take right now to protect themselves and their organizations from these types of attacks?

Emily Hartley

Business Analyst & Microsoft relationship at CyberCX

1y

Nikki Maroney, other than generally following CyberCX, this is the publication that I mentioned that may be informative.

Fares Elkordy

Studying at Monash University Bachelor of IT | Double Major in Cybersecurity and BIS | IT Support Engineer

1y

That's a great initiative CyberCX. Well done 👏👏
