Internet users must always be alert to the proliferation of cyber-scams that threaten our security online. One of the most common is phishing, which consists of sending fraudulent emails or messages that pretend to come from a legitimate entity or company. The attackers' goal is to access the victim’s personal data, infect their device, or steal their money.
But within phishing itself there are other types of deception, such as whaling. The word phishing comes from "fishing", and whaling refers to a whaler. Whaling scams differ from ordinary phishing in that, while phishing targets users indiscriminately and at random, whaling goes after the ‘big fish’.
One of the most sophisticated cyber scams of this kind is known as CEO fraud. The criminals' targets are high-ranking employees of large companies: those who hold sensitive information and have access to the company’s financial resources.
This scam uses social engineering: a company employee receives an email from someone posing as the company’s boss, president, director or CEO. In the message, the attackers ask the victim to urgently provide private information, or to make a bank transfer from the company’s account, alleging confidential and urgent reasons.
To make it credible, the message is sent from an email account that imitates the CEO’s real one, or even from the real one after it has been hacked. In the latter case, it is even harder to tell whether the message is an attempt to deceive.
In addition, the attackers usually take advantage of moments when the boss is in a meeting or traveling, and they imitate the boss's usual style of writing. To obtain this type of information, they hack the CEO's accounts using spyware, or steal the CEO’s email account credentials.
The most reliable way to verify the authenticity of the message is to check the sender’s email address. If the recipient is viewing the email on a mobile phone, they must tap the contact name to check whether the address behind it is the sender's official account. Look carefully, because the address can be almost identical to the original, changing only one letter.
But the message may also have been sent from the real account after it has been taken over, so you have to take a good look at the content of the message as well. If the writing style is suspicious, if there are errors in the message, or if it requests unusual information or bank movements, especially with pressing urgency, we should be wary.
When receiving this type of email, it is best to try to contact the alleged sender by phone to verify the veracity of its content. In addition, it is essential to keep the operating systems and applications of the devices updated and to have an effective antivirus.