Whaling

M01_L03 M01_L03 Whaling M01_L03 links ReadOnlyText pageLocation Page x of y helpBtn Help Help. Select this button to open the help panel. HelpButtonClicked exitBtn Exit Exit. Select this button to exit the course. ExitButtonClicked mainMenuBtn Main Menu Main Menu. Select this button to access the main menu. MainMenuButtonClicked glossaryBtn Glossary Glossary. Select this button open the glossary. GlossaryButtonClicked resourcesBtn Resources Resources. Select this button to access the resources for the course. ResourcesButtonClicked hideCCBtn Hide Captions Hide Captions. Select this button to hide the caption text. HideCCButtonClicked showCCBtn Show Captions Show Captions. Select this button to show the caption text. ShowCCButtonClicked turnAudioDescriptionsOffBtn Turn Audio Descriptions Off Turn Audio Descriptions Off. Select this button to turn off audio descriptions. AudioDescriptionsOffButtonClicked turnAudioDescriptionsOnBtn Turn Audio Descriptions On Turn Audio Descriptions On. Select this button to turn on audio descriptions. AudioDescriptionsOnButtonClicked skipReverseBtn Skip Backward Skip Backward. Select this button to skip a few frames back. SkipReverseButtonClicked skipForwardBtn Skip Forward Skip Forward. Select this button to skip a few frames ahead. SkipForwardButtonClicked replayBtn Replay Replay. Select this button to replay the current screen. ReplayButtonClicked transcriptBtn Transcript Transcript. Select this button for a transcript of the current page. ShowTextButtonClicked pauseBtn Pause Pause. Select this button to pause the course. PauseButtonClicked resumeBtn Resume Resume. Select this button to resume the course. ResumeButtonClicked previousPgBtn Back Back. Select this button to go to the previous screen. PreviousButtonClicked nextPgBtn Next Next. Select this button to go to the next screen. NextButtonClicked disaldr03_01 1 How do you avoid being a victim when you, as a senior leader, are a special target? How do you protect yourself? How do you protect your mission? Identifying the Threat disaldr03_02 2 disclosing personal information useful in identity theft. And as Mr. Smith and his staffer discovered, phishing can also be an attempt to gain access to your computer or network by requesting that you click a link to download a document or visit been deceived. We all know what to look for now: the requests for personal information, the threats of dire threat implied by being involved in any IG investigation. The reason he and his staffer fell victim was that he received a message that appeared to come from inside his organization, from someone who seemed to actually know of the details of a seemingly official and urgent matter. Another method hackers sometimes use is to target the senior leader or his or her family, by falsely claiming some acquaintanceship with them. Both approaches are part of a technique known as whaling, or whale phishing, a form of phishing sent to senior executives or other high-level officials due to their high profile and their potential access to sensitive and classified information. How Whaling Works disaldr03_03 3 and the sender seems to have a legitimate organizational e-mail address. How did the email seemingly come from inside Mr. regarding an ongoing leak investigation. This is a matter he should not ignore, right? Think about this. The e-mail investigations? Was this e-mail actually digitally signed? Would your staff know what to do? Would you know what to look for? Now imagine if the e-mail Mr. Smith received used a different approach. This is a personalized message from someone who actually seems to have met the Secretary. How did the sender know so much information about his activities and interests? Mr. Smith has a couple of social networking accounts a professional page containing his resume and a Twitter account which he uses to promote his speaking engagements. Would Mr. Smith have been suspicious if he had received this e-mail? Would it have fooled you? Consequences of Whaling disaldr03_04 4 As Mr. Smith and his staffer so painfully learned, once you fall victim to a whaling attack, you provide hackers with an easy path to organizational systems or other people with inside information. Clicking a link or downloading an attachment may install malicious code that can record keystrokes to capture system access credentials and information on How to Protect Against Whaling disaldr03_05 5 Just how do you avoid being a victim? Always be wary of e-mails that ask for sensitive information, contain unexpected attachments, or provide unconfirmed URLs. Remember that hackers can find your personal information in a variety to exploit relevant issues or topics to create a sense of urgency. And they often claim previous acquaintanceships at conferences or official events. Ask yourself: do you actually remember meeting this particular individual? Can you verify they are who they say they are? In addition to knowing how to recognize whaling attempts yourself, be sure that any of your immediate staff who handles correspondence for you is also well-versed in whaling, what it looks like, and how to avoid making you a victim. When immediate staff acts on your behalf, they represent you. Be sure that they know and follow the rules and that they inform you if they suspect whaling. Any time you receive a suspicious e-mail, you or your staff should report it to your security POC and follow their instructions. [Conclusion] disaldr03_06 6 Before Mr. Smith forwarded the e-mail to his staff member, Mr. Smith should have verified that the e-mail was actually from office using a verified phone number. . The investment of just one or two minutes of time would have revealed that this was not a legitimate request. Either Mr. Smith or his staff member could have prevented the hacker from gaining access