“Minnowing” and “Whaling”… heard of these terms in relation to computing? No? Well, you’re not alone: apparently the majority of SMEs haven’t either. These are new-ish terms to describe variations of “phishing” – the practice of sending out emails with the hope of convincing someone to click on a link and suffer eternal damnation.
In a recent case in the USA, high-ranking executives across the country were sent an email message that appeared to be an official subpoena from the United States district court in San Diego. The emails included the full details of the executive (name, phone, etc.) and commanded them to appear before a grand jury.
On clicking a link in the message, the recipients unwittingly downloaded and installed software that stored their keystrokes and sent them off to a remote computer. Other examples have allowed remote control of the recipient’s computer – and of course that leads to capturing bank details, login details and even full credit card details.
The term “whaling” comes, presumably, because the culprits are trying to catch a “big fish”. At the other end of the scale we have “minnowing”, where the criminals may typically target a large company – the type where few members of staff have the “big picture”. Getting information about individuals isn’t hard these days with the proliferation of social networks, and so a personalised email arrives informing the user of a change of banking details etc… you know the rest: the victim is fooled into entering confidential information into a website.
How to tackle this – well, there really is no other way to put it – education – users at all levels of the organisation need to be aware that it’s a rough old world out there – they need to know what to look out for… and to be VERY CAREFUL when responding to emails or clicking on web links… a lot easier said than done!