Wessland says such attacks are impossible to pick up with basic spam-filtering technologies, noting that hackers will simply keep creating new fake domains from which to send their targeted messages. "You have to inspect the header of mail more intimately," says Wessland, who is responsible for safeguarding 200 employee email inboxes.
Throwing a net around the whaling problem
Vendors such as Microsoft, Proofpoint, Cloudmark and Mimecast are building tools to help companies defend against these attacks. Mimecast, which makes cloud software designed to spot and quarantine phishing emails with malicious attachments and URLs, has just launched a tool designed to harpoon whaling. Called Impersonation Protect, the software's algorithms analyze the language content of emails as they come in through a corporate server. It looks for key indicators, beginning with whether the named sender actually works for the company.
The software then parses the email content for requests that include keywords and phrases such as "W2" or "wire transfer," and provides a probability score indicating whether a target email is safe or malicious. "One indicator in isolation is not bad, but two together could be fishy," Malone says. A third indicator -- and one unlikely to be caught by one of the corporate employees -- is that the attackers will register a domain similar to the victim company's name. For example, an attacker trying to spoof Mimecast employees might register the domain "Minecast" and send email from it. CIOs can set policies in Impersonation Protect, programming it to reject suspicious mail or quarantine it for review, Malone says.
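The three indicators described above can be combined in a simple gateway check. The sketch below is an added example, not Mimecast's code or algorithm; the company domain, the name list, the keyword list, the edit-distance threshold and the "two indicators means quarantine" rule are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration (not from the article or any vendor product):
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}        # constructed employee names
KEYWORDS = ("w2", "w-2", "wire transfer")      # phrases the article mentions

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def indicators(raw):
    """Return the impersonation indicators present in a raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # single-part mail only
    text = (msg.get("Subject", "") + " " + body).lower()
    external = domain != COMPANY_DOMAIN
    found = []
    # 1. Display name of a real employee, but sent from outside the company.
    if external and name.strip().lower() in EXECUTIVES:
        found.append("display-name-impersonation")
    # 2. Request language tied to payroll data or payments.
    if any(k in text for k in KEYWORDS):
        found.append("sensitive-request")
    # 3. Sender domain within two edits of the company's own domain.
    if external and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        found.append("lookalike-domain")
    return found

def verdict(raw):
    """One indicator alone passes; two or more are quarantined for review."""
    return "quarantine" if len(indicators(raw)) >= 2 else "deliver"

# Constructed sample messages (note "exanple.com" in the first one).
SPOOFED = ("From: Jane Doe <jane.doe@exanple.com>\nSubject: Urgent\n\n"
           "Please send the W2 forms for all staff today.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nSubject: Payroll\n\n"
         "The wire transfer for payroll was approved.\n")
```

The legitimate message still trips the keyword indicator, which is why a single indicator is not treated as sufficient on its own.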
The Celtics’ Wessland says he will begin using Impersonation Protect in conjunction with Mimecast's URL and attachment-protection software this month. "Hopefully the automated tool will detect a lie and block or quarantine it and I can go and review it," Wessland says.
How afraid is Wessland of whaling attacks? About as afraid as he is of any cybersecurity threat and targeted attacks. He says he uses a number of desktop antivirus, gateway antivirus and application security tools to fend off attackers. "No matter what you do there always seems to be things that happen and that’s a concern," Wessland says. "All of those things keep me up at night."