Recently, Interface Technologies wrote a post discussing the concept of Whaling and the dangers associated with it. In case you missed it, Whaling is a form of Phishing in which the main targets are typically the management at companies. Whalers disguise themselves as C-level executives and send an e-mail internally to an employee, requesting that a time-sensitive transfer of funds be made immediately due to an urgent matter. Phishing is when a scammer disguises themselves as an establishment (usually a big bank) and claims that you recently attempted to log in and failed (so you are prompted to re-enter sensitive and confidential information to “retrieve” your new password), or otherwise prompts you to update your personal information.
How can somebody “disguise” themselves, you ask? Simple:
Whenever anyone sets up an e-mail account, they can choose to have their name appear any way they want. The e-mail address itself can be assigned to a domain that resembles a well-known establishment’s, and the difference can be as minor as yourbank.net versus yourbank.com; if we don’t pay close attention, we can miss it altogether.
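Both tricks can be checked mechanically on the receiving side. The sketch below is an added example, not code from the original post: it flags a From header whose domain is a lookalike of the real one, or whose display name matches an executive while the address sits on an outside domain. The trusted domain, the executive names and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed values for illustration: the organisation's real domain and the
# executive names an attacker is likely to impersonate.
TRUSTED_DOMAIN = "yourbank.com"
EXECUTIVES = {"jane doe", "john smith"}  # constructed names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from(header: str) -> list[str]:
    """Return the reasons a From header looks like impersonation."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    if domain == TRUSTED_DOMAIN:
        return reasons
    # Same name, different ending (yourbank.net) or a near-miss spelling.
    label, trusted_label = domain.split(".")[0], TRUSTED_DOMAIN.split(".")[0]
    if label == trusted_label:
        reasons.append("lookalike domain: same name, different TLD")
    elif 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        reasons.append("lookalike domain: near-miss spelling")
    # The display name is free text chosen by the sender.
    if name.strip().lower() in EXECUTIVES:
        reasons.append("executive display name on an outside address")
    return reasons


# Constructed sample headers.
SAMPLES = [
    "Jane Doe <jane.doe@yourbank.com>",
    "Jane Doe <jane.doe@yourbank.net>",
    "John Smith <ceo.office@freemail.example>",
    "Support <help@yourbanc.com>",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", check_from(h) or "ok")
```

A header check like this only looks at what the sender chose to display; it does not replace sender authentication on the mail server.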
Here’s the bottom line:
An advisor from Royal Bank said, “Fraudulent emails usually ask you to click on a link to type in your personal banking information so your account can be ‘verified.’ In general, you should not give out confidential and financial information online in response to emails from people you haven’t approached first. We will never ask you to give us sensitive information such as your account numbers, PINs, passwords, social insurance number or social security number through email.”