Gone whaling: Web fraudsters land a bigger catch

April 22, 2008

First there was “phishing” – where criminals try to steal people’s personal details using dodgy emails that look like they’re from the bank.

Then there was “spear phishing” – more sophisticated, targeted attempts to defraud specific organisations or their customers.

Now online fraudsters are trying to land even bigger catches by harpooning company bosses and their senior managers.

This latest and most audacious technique is called “whaling”.

Fraudsters attempt to lure executives into revealing sensitive details about their business or clicking on a link in an email that will secretly download malicious software onto their computer.

Criminals could then attempt to defraud the company using the information they quietly gather.

Guy Bunker of Symantec, the Internet security company, says: “Whaling is basically going after the big fish in the sea. It’s targeting people at the top of the organisation.”

“There have been attacks in the States where a whole bunch of CEOs get sent a very official-looking email that says you’ve been subpoenaed in court. If you click on this link you’ll get the citation.”

The link was the bait, and by clicking it the boss exposed his corporation to fraud.

The extent of that problem was laid bare at Infosecurity Europe, an annual computer security conference held in west London.

A government-sponsored survey carried out by PricewaterhouseCoopers said online fraud costs the British economy alone about 6 billion pounds a year.

And with more business carried out online, the problem shows no signs of going away.

Lord Erroll, a technology expert in the House of Lords, told the conference: “The world isn’t going to change with a new generation coming through. It will have gullible and greedy people in it as well.

“So there will be people who do things wrong and are stupid and get conned. Technology alone isn’t going to protect people.”
