Anti-Whaler's Guide

Some common sense pointers to remind your customers and your senior executives in danger of “whaling” include:

See Also: Ransomware: The Look at Future Trends

Tune in to your inner “Doubting Thomas.” Should you receive an email message that appears suspicious, contact the person or organization through a different method (by phone or IM), and don’t click until you confirm that the email is from that person.
Never give personal or financial information to anyone over email (Remember to remind those people out there that unencrypted email is just like a postcard, anyone can read what’s in it.) The email looks like it came from your CFO? Your accountant? Does not matter who appears to have sent it, word to the wise – DON’T!!
Never click on links within emails that look like they’re asking for your personal or financial information. If you feel a need to reply, type the web address into your browser if you believe that it may be real.
Make sure to report any suspicious email you think could be a spear-phishing or whaling message to the appropriate team within your organization. You may have spotted it, but the guy in the next office may have fallen for it.
Check to make sure your desktop protection systems (that’s the anti-virus, anti-spyware, firewall and other software) are always up to date. Just by looking at a suspect email or browsing a web address can sometimes result in malware being dropped onto your machine. (See related story on Bank of India Hack: Bank of India Hack Can Happen Here Be Vigilant).

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network