Avoid Whaling and CEO Impersonation Scams
Phishing scams have been around for years, and malicious emails haven't changed a lot, but the end target has. As surfers and skiers say, "go big or go home," and that's exactly what scammers are doing. Recently, a local oilfield services company contacted BBB about a phishing scam known as whaling. Whaling attacks go after “big fish”: high-profile employees such as the CEO or CFO. By targeting high-level executives -- the “big fish” -- scammers can gain complete top-down access to all of a business’s operations. The goal is to steal sensitive information such as financial data or personal details about employees.
A related scam is the CEO impersonation scam, where the con artist reaches out to high-level employees who can pay a large bill or provide wide-sweeping information. The scammer pretends to be the CEO or CFO to give the request legitimacy and urgency. The request will often be for a large money transfer via wire, which is non-recoverable. Scammers can often make their requests more plausible by using details obtained by researching the company or hacking emails.
Here are tips to prevent and prepare for potential whaling attacks:
Be wary of short, generic messages. Scammers won't write a long email; they'll try to pass off something short and generic as harmless, hoping you'll click quickly without thinking.
Double check before clicking or downloading. A mouse click is all it takes to inadvertently grant access to your computer, accounts, and information, or unleash malware on your systems.
Think about how you share. Never send sensitive, personal, or proprietary information via email regardless of who's asking you for it.
Watch out for emails to groups. Sending an email "from the CEO" to a staff or employee email list is the fastest way for a scammer to attack and affect an entire business.
Set up processes. Make sure your company has a procedure for all requests involving sensitive information or payments, and make sure that procedure is followed. For particularly wide-reaching requests or large payments, require employees to check with their manager first.
For more about scams, go to BBB Scam Tips (BBB.org/ScamTips). To report a scam, go to BBB Scam Tracker (BBB.org/ScamTracker).
“Look for the Seal” and Start with Trust®. BBB Serving Acadiana is a private non-profit organization. BBB strives for a trustworthy marketplace by maintaining standards for truthful advertising, investigating and exposing fraud against consumers and businesses.
Please contact Better Business Bureau at bbb.org 24 hours a day for information on businesses throughout North America. Consumers can also sign up for our free BBB “Scoop” eNewsletter by visiting bbb.org and clicking on the “Programs & Services” tab.
BBB Serving Acadiana services the parishes of Acadia, Evangeline, Iberia, Lafayette, St. Martin, St. Landry and Vermilion.