Social engineering: Whaling

Social engineering: Whaling

Industrial World: Sara Masiero, Communication & Marketing Manager Pittini Group
6 Luglio 2020
Social Engineering: il Whaling
7 Luglio 2020

With whaling, from the English whale (whale), we indicate a phishing1 in which we aim to have a prominent figure, a large fish. With this technique, a prominent figure in an organization is identified as the victim to induce him to share confidential information or pay sums in favor of the attacker. 

The CEO fraud also falls within the whaling area. With particular reference to financial cybercrime, according to the “CLUSIT 2019 Report on ICT security in Italy”, the incessantly more advanced hacking techniques, through the use of malware inoculated by means of phishing techniques, disproportionately expand the attacked subjects, especially in the business relationships. In fact, the purpose of criminal organizations is to meddle in commercial relations between companies by diverting sums to current accounts in the availability of criminals. The BUD (Business Email Compromise) Fraud or CEO (Chief Exeutive Officer) Fraud are the modern application of the attack technique called “man in the middle”. 

In the scam known as BEC, thanks to the email spoofing2 technique, the cyber criminal asks the victim to make a specific gesture, be it a transfer of money or access to confidential information. The victim is probably not suspicious, because the message does not contain attachments and comes from an authoritative source, so he makes the request, especially if similar operations (such as bank transfers) already take place in the organization in the same way. 

In the scam called The Man in the Mail, cyber criminals violate the sender’s or recipient’s mailbox through social engineering techniques or through the theft of credentials, then they enter the flow of the organization after studying its operating methods and characteristics by doing so that payments end up on their checking accounts. This type of scam particularly affects companies that import / export, since the account to which the payment is diverted is located abroad. 

According to the “CLUSIT 2019 Report on ICT security in Italy”, despite the operational difficulty of blocking and recovering the fraudulent sums, especially because they were sent to non-European countries (China, Taiwan, Hong Kong), in the year 2018 the Postal Police was able to block and recover about 9 million euros at source on a fraudulent transaction of 38.4 million euros. In this regard, the international operation called “Emma4”, coordinated by the Postal Police Service with the collaboration of 30 European Countries and Europol, aimed at identifying the money mules3, the first recipients of the sums deriving from computer fraud and campaigns, is important. of phishing, which offer their identity for the opening of current accounts and / or credit cards on which the illicitly acquired sums are then credited. The operation in question allowed 101 money mules to be identified on the national territory, 50 of which arrested and 13 reported. There were 320 fraudulent transactions, for a total of around 34 million euros, of which around 20 million euros have been blocked and / or recovered thanks to the information sharing platform called “OF2CEN”, created specifically to prevent and fight criminal attacks on home banking and e-money services.

1 Through a fishing technique, cyber criminals try to induce the victim, through communications mostly by email, to follow their instructions to connect to a clone website of the original in order to detect confidential information such as example username, password, bank and credit card information, to infect the victim’s computer through the use of malware or to induce undue payments.
2 Send an email making the address corresponding to another account appear as the sender.
3 A money mule, also called a smurfer, is a person who illegally transfers money on behalf of others. Typically, the money mule is paid for services with a small portion of the money transferred.

Bibliography: 

  • Report CLUSIT 2019 
  • Public collection: Phishing campaigns affecting Italian organisations XForce Exchange, 2018 
  • Public collection: Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads XForce Exchange, 2018 
  • New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks SecurityIntelligence .com, 2019 
  • CERT Nazionale italiano, Il malware “AVE_MARIA” diffuso in campagna di phishing ai danni di un’azienda italiana, https://www.certnazionale.it/news/2019/01/14/il-malware-ave_maria-diffuso-in-campagna-di-phishing-ai-danni-di-unazienda-italiana/ 
  • CERT-PA, Phishing: Finta notifica da parte di DHL, https://www .cert-pa.it/notizie/phishing-finta-notifica-da-parte-di-dhl/ 
Condividi su:

Lascia un commento

Il tuo indirizzo email non sarà pubblicato.

EnglishFrenchGermanItalianRussianSpanish