Inky provides protection for whale phishing attacks
targeting high-profile users.
Whaling is a type of attack whereby the criminal impersonates C-level executives and higher-ranking politicians. (the ‘whales’ of an organization or government agency). By assimilating into a believable, trusted figure, the attacker builds rapport, usually using tricks like social engineering to encourage employees to follow directions. After the attacker believes the employees are completely comfortable, the criminal will use email to steal important information, acquire account credentials, or request a financial transfer for their personal gain, at the company’s expense.
High-profile users like your CEO require whaling protection
Unlike regular phishing attacks, whaling attacks are decidedly trickier than their more general counterparts. Attackers rely on the fact we’re too busy to digest each individual element of an email, whether it’s the language, or a fake domain. These rogues get through to busy, employees with communications that look real, circumventing any indication of threat.
Spoofing an email address with a non-existent sender.
The email sender reads firstname.lastname@example.org but in the underlying code, the actual return address reads email@example.com.
Similar fonts and characters.
Certain fonts and foreign alphabets have characters that appear to be specific letters in email addresses or URLs, barely detectable by the human eye. Inky’s Computer Vision tracks and sees these to warn you.
An email looks close to a trusted contact.
Because you exchange messages with firstname.lastname@example.org several times a week, you pay little to the fact you’ve recently been replying to email@example.com instead.
In multi-pronged attacks, an attacker gains access to a real company email
In chess, your carefully take you opponent’s pieces before going after the king. Some email fraud begins with a spear phishing attack that compromises an official account which eludes traditional detection systems.