Some common-sense pointers to pass on to your customers and to the senior executives most at risk of “whaling”:
Tune in to your inner “Doubting Thomas.” If you receive an email message that seems suspicious, contact the apparent sender through a different channel (by phone or IM, using contact details you already have rather than any given in the message), and don’t click anything until you have confirmed that the email really came from that person.
Never send personal or financial information to anyone over email. (Remind people that unencrypted email is like a postcard: anyone who handles it along the way can read what’s in it.) The email looks like it came from your CFO? Your accountant? It does not matter who appears to have sent it; a word to the wise: DON’T!
Never click on links in emails that appear to be asking for your personal or financial information; the visible text of a link can say one thing while it points somewhere else entirely. If you believe the request may be genuine, type the organization’s web address into your browser yourself rather than following the link.
Report any email you suspect of being a spear-phishing or whaling message to the appropriate team within your organization. You may have spotted it, but the guy in the next office may have fallen for it.
Make sure your desktop protection (anti-virus, anti-spyware, firewall and the rest) is always up to date. Merely viewing a suspect email or visiting a web address can sometimes be enough to drop malware onto your machine. (See the related story: Bank of India Hack Can Happen Here, Be Vigilant.)
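Two of the tells above (the sender’s display name says “CFO” while the mailbox domain does not match, and a link whose visible text differs from where it actually points) can be checked mechanically before anyone is asked to click. The script below is an added example, not code from the original article or from any vendor it mentions. It assumes a hypothetical organization domain `example-corp.com` and parses a constructed sample message (not a real phish); it uses only the Python standard library.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: the organization's real mail domain (hypothetical).
OUR_DOMAIN = "example-corp.com"

# Constructed sample (not a real message): the display name claims the CFO,
# but the mailbox uses a look-alike domain (digit 1 for letter l), Reply-To
# goes elsewhere, and the link text does not match the link target.
SAMPLE_EMAIL = """\
From: "Jane Doe, CFO" <jane.doe@examp1e-corp.com>
Reply-To: accounts@mail-example-corp.net
To: ceo@example-corp.com
Subject: Urgent wire approval needed
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please approve the pending transfer here:
<a href="http://login.example-corp.com.evil-host.test/auth">https://portal.example-corp.com/approve</a></p>
</body></html>
"""

# Constructed benign message for comparison: internal sender, honest link.
CLEAN_EMAIL = """\
From: "Jane Doe" <jane.doe@example-corp.com>
To: ceo@example-corp.com
Subject: Q3 numbers
Content-Type: text/html; charset="utf-8"

<html><body><p>Figures are on <a href="https://portal.example-corp.com/q3">portal.example-corp.com</a>.</p></body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels domain (no public-suffix list): a.b.c.com -> c.com."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def looks_like_url(text):
    """Only compare link text that is itself a host or URL, not 'click here'."""
    return "." in text and not any(c.isspace() for c in text)


def domain_of_url(text):
    if "://" not in text:
        text = "http://" + text  # bare host names: give urlparse a scheme
    return urlparse(text).hostname or ""


def analyze(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = msg["From"].addresses[0]
    from_dom = sender.domain.lower()
    if from_dom != OUR_DOMAIN:
        findings.append(
            f"From domain {from_dom!r} is not {OUR_DOMAIN!r} "
            f"(display name {sender.display_name!r})")

    if msg["Reply-To"]:
        reply_dom = msg["Reply-To"].addresses[0].domain.lower()
        if reply_dom != from_dom:
            findings.append(
                f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            target = registrable_domain(urlparse(href).hostname or "")
            if looks_like_url(text):
                shown = registrable_domain(domain_of_url(text))
                if shown != target:
                    findings.append(f"link text shows {shown!r} but points to {target!r}")
    return findings


if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, analyze(raw) or "no findings")
```

The domain comparison is deliberately simple (last two labels, no public-suffix list), so treat it as a triage aid for the reporting step above, not a verdict: a message with no findings can still be malicious, and one with findings still deserves the out-of-band phone call before anyone acts on it.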