Monday, October 22, 2012

gone phishing

In the murky underworld of online scams, the phish are dangerous. The term ‘phishing’ refers to electronic communications, usually emails, which look like they come from a trustworthy source, but are in fact attempts to acquire information such as credit card details or passwords. We’re all sadly familiar with the dodgy email bearing our bank’s genuine logo, asking us to “click the link” to “update our details”. We know enough - at least, I hope we all do - to delete it immediately.

But the phishermen are trying to target bigger phish. ‘Whale phishing’ or ‘spear phishing’ refers to the scenario where a scammer targets an organisation and sends personalised emails to either a group of employees or a specific executive officer or senior manager. The emails refer to fake but critical business matters, such as legal subpoenas or customer complaints. They appear to have been sent from a trustworthy source, such as an employee or staff member within the organisation. The email addresses used may be similar (but not identical) to an address with which the recipient is familiar.
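A sender address that is similar but not identical to a familiar one is something a mail filter can check for. The following is an added example, not part of the original post: it compares a From header against a list of known contacts, and the addresses, the look-alike table and the two-edit threshold are all constructed assumptions.

```python
from __future__ import annotations
from email.utils import parseaddr

# Constructed sample contacts the recipient already trusts (assumption).
KNOWN = {"jane.smith@example.com", "accounts@example.com"}
# Look-alike sequences folded to one form before comparing (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(text: str) -> str:
    """Lower-case the text and fold visually confusable sequences."""
    text = text.lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, known: set[str], max_edits: int = 2):
    """Return ('known' | 'lookalike' | 'unknown', matched known address or None)."""
    addr = parseaddr(from_header)[1].lower()
    if addr in known:
        return "known", addr
    for good in sorted(known):
        # Flag when the folded forms collide or only a few edits separate them.
        if skeleton(addr) == skeleton(good) or edit_distance(addr, good) <= max_edits:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for header in ("Jane Smith <jane.smith@examp1e.com>",   # digit 1 for letter l
                   "Accounts <accounts@exarnple.com>",       # r+n for m
                   "Jane Smith <jane.smith@example.com>"):
        print(header, "->", classify_sender(header, KNOWN))
```

A "lookalike" result is a reason to hold the message for review and to show the recipient which known address it resembles.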

The scammer’s aim is to convince the recipient to follow a link to a fake website or open a malware-infected attachment. When the fake but convincing website is visited, it will ask you to do one or more of the following:

• enter confidential company information and passwords
• provide financial details or enter them when making a payment for a fake software download.

If financial details are provided, the scammer will use them to commit fraud.

Alternatively, if an email attachment is opened, it will download malware onto your computer. Malware can record your keystrokes, passwords and other company information, allowing the scammer to access it when you go online.

The waters are dangerous. Be careful while swimming, or even wading. Don’t take the bait.
