Don’t be hooked by ‘whaling’ emails


You will probably be aware of the threat of phishing emails which try to scam individuals out of money. However, businesses should be aware of a new risk, known as ‘whaling’.

Cyber criminals are managing to con large sums of money out of businesses in a very sophisticated scam. Ubiquiti Networks, a technology company in the USA, said it had lost $47m (£30m) in this way.

Whaling is effective as legitimate looking emails are sent to finance directors from company directors, or senior managers, requesting an immediate payment to a supplier of a substantial sum of money. These emails are carefully researched and sent specifically to senior business managers. They are well written and very convincing. Whaling is specifically targeted and differs from ‘phishing’ emails which are sent out to 100s of individuals and often contain spelling mistakes and obvious grammatical errors.

We know of several Edinburgh and Glasgow based businesses who have been targets of ‘whaling’ recently. So, what can you do to avoid falling victim to this latest form of internet crime?

  1. Don’t give any personal or financial details to individuals or companies with out verifying them first
  2. Review the security settings on your social media accounts, cyber criminals can ‘stalk’ individuals to discover working relationships and your usual greetings/style of communication.
  3. Speak personally to the individual who has sent the email to ensure it is a genuine request
  4. Ensure your anti virus software and firewall are up to date
  5. Check email signatures, company logos etc on the email to see if they are of the quality and format you’d expect.
  6. Review your business financial procedures and put in place an authorisation process for payments and transfers.

If you suspect you have been victim of whaling you can contact Action Fraud or call 0300 123 2040.

SortmyPC can provide advice and support on security, anti virus software and firewalls, contact us if you’d like any further information.