Cyber Security: Phishing and Whaling

Have you ever received an email that just didn’t seem right?

A couple of weeks ago, we covered ransomware in our Cyber Security series and this week we want to dive into another form of online crime: phishing and whaling.

Phishing is when you receive an email, instant message, or text message from a hacker posing as a trusted site, such as a banking website or retail homepage. The title of the email could say something like “Enter Your Updated Payment Info Now” or “Change Your Password”. The email will then link to a false site formatted to look similar to the authentic site it is mimicking.

In many cases, the message is crafted in much less direct ways. Perhaps from an acquaintance saying something like “Check out what I found online”, followed by a link.

The goal of these hackers is to get you to enter in your personal information (credit card info, usernames, passwords, account numbers) in order to gain access to your finances and/or social media profiles.

Whaling (also known as spear phishing) is a more personalized form of phishing. Instead of reaching out to a general group of people, hackers will design a message specifically for a person or company. These attacks usually target business executives or managers and aim to scare the victim into providing company information in order to “avoid legal fees” or “prevent payment suspension.”

A good example is the PayPal Scam:

Let’s say you get an email from PayPal suggesting that you click a link in order to “Edit Your Payment Information.” The email looks normal at first glance so you click through and are brought to a site that looks exactly like PayPal. You enter in your credit card information and as soon as you hit the “Submit” button, you get a weird feeling in the pit of your stomach. You decide to open up your inbox and take another look at the email. Upon further examination, you realize that though the sender of the email is listed as PayPal, the actual email address is a series of random letters and numbers followed by an unknown domain. You quickly call your credit card company and cancel your card before any damage can be done.

Thanks to your intuition, you were able to stop the attack before it went too far.

So what can you do to prevent this from happening again?

Look around on a website before entering in any personal info. Check the URL and email address associated with the message.  

This can be tricky because clicking an image or linked text can immediately put you on the website that delivers malware to your machine. A safe way to see a hidden URL is to “hover” over the image or text and look for the URL. In most mainstream browsers such as Chrome, Edge, and Firefox the URL will appear in the lower right corner of the browser.

Feel it out. If you have an ounce of skepticism, open a new browser and access the trusted website through your own navigation.

Phishing and whaling are real, but you can prevent them with a little awareness and a dash of intuition.



XBLUE Offers Business Phone Systems for offices with 2 to 50 employees.   

Standard and VoIP Systems are available including Cloud VoIP line services.


Make sure to check out XBLUE Networks on Facebook, Twitter, and Instagram for more helpful tips. If you have a question or topic you would like us to cover, please send us a message.