Haddii aad ka shaqeyso ama aad leedahay shirkad ganacsi, markaa waxaad u baahan tahay inaad ogaato inay mar walba jirto khatar sare oo weerar internet-ka ah iyo khiyaamo dhacaya. Khayaanada iimaylka^{(Email Scams)} ayaa ah kuwa ugu badan dhexdooda. Phishing waxa ay ku timaadaa dhadhano badan sida Tabnabbing, Spear^{(Spear Phishing)} phishing iyo sidoo kale Vishing iyo Smishing. Dhowr maalmood ka hor, waxaan eegnay khiyaanada online-ka ah ee Pharming^{(Pharming online frauds)} - maanta waxaan eegi doonaa khiyaanada Whaling^{(Whaling Scams)} oo ah khatarta soo ifbaxeysa ee amniga internetka.

Waa maxay khayaanada nibiriga

Khiyaanada Whaling^(Whaling) - ka, waxaa lagu bartilmaameedsadaa inta badan iimaylka - it is a specialized phishing scam . Weeraryahanku waxa uu baranayaa hawshaada onlaynka ah oo uu ilo kale ka helo xog waxtar leh oo adiga kugu saabsan. Macluumaadkaasna waxaa loo isticmaalaa in lagu abuuro iimaylka shaqsi ee eegaya xirfadle. Markaad aragto iimaylka rasmiga ah waxay kuu horseedi kartaa inaad iska ilaaliso difaacyadaada waxaana aad u badan tahay inaad aaminto iimaylkan. Fikradda ayaa ah in lagaa helo macluumaadka hawlo kale oo been abuur ah.

Hadda waa inaad ogaataa inuu jiro farqi dhuuban oo u dhexeeya whaling iyo Spear phishing . Jeexinta^(Whaling) ayaa sida caadiga ah bartilmaameedsata madaxda sare, halka khiyaanada dambe ay bartilmaameedsato shaqaalaha shirkadda, macaamiisha shirkadda guud ahaan. Waxaa loo yaqaan whaling sababtoo ah bartilmaameedyadu badanaa waa waaweyn yihiin ama muhiim yihiin. Oo sidaas daraaddeed nibiriyada^(Whales) waxaa loo doortay sababtoo ah awooddooda iyo gelitaanka ururka dhexdiisa.

Sidee buu u shaqeeyaa^(Whaling) iyo sababta lagu bartilmaameedsanayo

Inta badan bartilmaameedyada badanaa waa ganacsatada, ganacsatada, maamulayaasha guud, iyo shaqaalaha shirkadaha^(CEOs) . Bartilmaameedyada badanaa waa ganacsi gaar ah waxaana weerarada loo qorsheeyey ujeedada helitaanka xog kasta oo xasaasi ah oo ku saabsan hawlaha ururka.

Weerarada noocaan ah ee bulshada lagu farsameeyay aad bay u adagtahay in la aqoonsado dadkuna waxay caadiyan ku dhameeyaan xog siinaya khayaanada noocaas ah. Khayaanada ayaa iimayl gaar ah ka soo dirta ciwaan aad taqaanid. Khayaanada ayaa laga yaabaa inay ku daydaan inuu noqdo madaxaaga ama urur kale oo saaxiibtinimo. Ama isaga/iyada waxa laga yaabaa inay ku daydaan sidii lataliyahaaga dhaqaale ama qareenkaaga. Nuxurka iimaylka ayaa inta badan ah feejignaan raadin si aad si degdeg ah uga jawaabto oo ay jirto fursada ugu yar ee lagu qabto.

Iimaylku waxa laga yaabaa inuu u baahdo inaad ku wareejiso xoogaa lacag ah si aad u bixiso biilka saxda ah ama waxa laga yaabaa inuu ku weydiiyo qaar ka mid ah xogta shirkadda ee looga baahan yahay xafiiska dhexe. Ama waxay waydiin kartaa tafaasiil shakhsi ah oo ku saabsan shaqaalaha ururka.

Khayaanada ama qofka wax weeraray ayaa mar hore ku baadhay si ay kuugu abuurto iimaylo gaar ah. Waxayna cilmi-baadhistu ku salaysnaan kartaa dhaqdhaqaaqyadaada onlaynka ah ama macluumaad kasta oo laga helay ilo kale. Iimeyl^{(Whaling emails)} -ku-sheegyada waxa ay u muuqdaan kuwo caadi ah oo qumman taasina waa sababta keliya ee ay dadku dabinka ugu dhacaan. Magacyada, calaamadaha iyo macluumaadka kale ee lagu isticmaalo iimaylka waxa laga yaabaa inay run yihiin ama aanay ahayn. Laakin waxaa loo soo bandhigaa si aan caadiyan dadku u calaamadin karin farqi u dhexeeya iimayladan.

Sidoo kale, ciwaanka iimaylka soo-diraha ama mareegta la sheegay waxay la mid tahay qof aad garanayso. Lifaaqadu waxa laga yaabaa ama ma noqon karaan kuwo xaasidnimo leh. Ujeedada kaliya ee khiyaamadani waa in lagu qanciyo in iimaylka gabi ahaanba caadi yahay una baahan yahay ficil degdeg ah. Oo markaad raacdo tilmaamaha ku jira iimaylka, waxaad ku dhamaanaysaa inaad u daadato xog sir ah qof ama degel aan la ogolayn.

Sida looga ilaaliyo weerarada nibiriga

Waa inaad barataa sida loo garto weerarrada^{(identify Phishing Attacks)} phishing-ka si aad wax badan uga ogaato ka ilaalinta phishingka guud ahaan si aad uga fogaato khiyaanada^{(avoid Phishing scams)} phishingka .

Furaha ilaalinta waa in aad u fiirsato. Akhri dhammaan iimaylada shaqada la xidhiidha dhammaad ilaa dhammaad oo isha ku hay wax kalluun ah. Haddii aad dareentay inay wax ka khaldan yihiin iimaylka, la xidhiidh ururka la sheegay inuu iimaylka ka yimid.

1] Xaqiiji^(Verify) iimaylka soo diraha ka dibna ka jawaab kaliya iimaylada. Caadiyan, shabakadaha ama ciwaanka iimaylka meesha aad ka helayso iimaylada waxay ku dhow yihiin isku mid ciwaanada iimaylka caadiga ah ee laga yaabo inaad taqaan. 'O' waxaa lagu bedeli karaa '0' (eber) ama waxaa laga yaabaa inay jiraan laba 'ss' halkii mid 's' ah. Qaladaadka noocaan ah waxaa si fudud isha bini'aadamku u ilduufay, kuwaas oo saldhig u ah weeraradaas.

2] Haddii iimaylka uu u baahan yahay xoogaa tallaabo degdeg ah, markaa waa inaad si taxadar leh u eegtaa ka dibna go'aan ka gaartaa. Haddii ay jiraan wax xiriiriya degelka dibadda ah, xaqiiji ciwaankooda ka hor inta aanad wax macluumaad ah u gudbin mareegahaas. Sidoo kale, hubi calaamadda qufulka ama xaqiiji shahaadada shabakadda.

3] Ha siin wax maaliyadeed ama faahfaahinta xiriirka degel kasta ama iimaylka. Ogow goorta la aamini karo mareegta^{(Know when to trust a website)} , ka digtoonow ka hor intaadan gujin xiriirinta shabakad kasta^{(precautions before clicking on any web links)} oo raac xeerarka badbaadada isticmaalka intarneedka.

4] Hayso fayraska saxda ah, software firewall oo ilaalinaya kombayutarka hana ka soo dejisan wax lifaaq ah mid ka mid ah iimayladan. RAR/7z ama faylal kasta oo kale oo la fulin karo ayaa inta badan looga shakisan yahay inay ku jiraan wax malware ah ama Trojans . Si joogto ah u beddel furaha sirta ah oo samee kaydka dukumeentiyada muhiimka ah meel ammaan ah.

5 ] Si buuxda^{(] Completely)} u baabi'i dukumeentigaaga jireed ka hor inta aadan tuurin si aysan u bixin wax macluumaad ah oo adiga iyo ururkaaga ku saabsan.

Tusaalooyinka weerrarada nibiriga

Halka aad ka heli karto tiro badan oo ka mid ah sheekooyinka been abuurka ah ee internetka. Xitaa shirkadaha waaweyn sida Snapchat iyo Seagate waxay ku dhaceen dabinada khiyaanadan. Sannadkii hore, shaqaale sare oo Snapchat ah ayaa dhibane u ahaa khiyaanadan oo kale halkaas oo iimayl iska dhigaya madaxa shirkadda uu wax ka waydiiyay liiska mushaharka shaqaalaha. Bal u fiirso tusaalayaal:

• Seagate : Weerar nibiriga oo lagu guulaystay waxa uu ku dhacay tuugo gaadhaysa 10,000 W-2 dukumeenti cashuureed dhamaan shaqaalihii hore iyo kuwii horeba.
• Snapchat : Shaqaale ayaa u dhacay iimayl iska dhigaya codsi ka yimid madaxa fulinta Evan Spiegel^{(CEO Evan Spiegel)} iyo xogta mushaharka ee 700 oo shaqaale ah.
• FACC : Shirkadda diyaaradaha ee Austrian waxay lumisay 50 milyan oo Yuuro weerar nibiriga dartood.
• Ubiquiti Networks : Shirkaddan tignoolajiyada isku xidhka waxa ay la kulantay khasaare dhan $39.1 milyan oo doolar taas oo ka dhalatay weerarka nibiriga.
• Miisaanka Ilaaliyaasha Caalamiga ah^{(Weight Watchers International)} : Iimeyl nibiriga ayaa u oggolaaday tuugada in ay helaan xogta canshuurta ku dhawaad ​​450 shaqaale hadda ah iyo kuwii hore.

Durba waa la khiyaameeyay?

Ma u malaynaysaa in aad dhibane u noqotay khiyaanada Whaling^(Whaling) ? Isla markiiba u sheeg madaxa ururkaaga oo raadso caawimo sharci. Haddii aad siisay faahfaahinta bangiga ama nooc kasta oo sirta ah, isla markiiba u beddel. La tasho khabiir ku takhasusay amniga internetka si aad dib ugu raadiso dariiqa oo aad ogaato qofka weerarka gaystay. Raadso caawimaad sharci oo la tasho qareen.

Waxaa jira adeegyo online oo kala duwan oo la heli karo halkaas oo aad ka sheegi karto khayaanada noocaas ah. Fadlan ka warbixi khiyaamadan oo kale si hawlahooda loo carqaladeeyo oo aanay dad badan u saamayn.

Haddii aad xiisaynayso inaad wax badan ka ogaato, waxa jira eBook-kan ugu fiican ee cinwaankiisu yahay Whaling, Anatomy of an attack , kaas oo aad kala soo bixi karto bilaash.

Ka ilaali naftaada, shaqaalahaaga iyo ururkaaga khayaanada noocaas ah iyo khiyaanada internetka. Faafi ereyga oo ka caawi asxaabtaada, asxaabtaada, iyo qoyskaaga in la ilaaliyo.^{(Protect yourself, your employees and your organization from such frauds and online scams. Spread the word and help your colleagues, friends, and family stay protected.)}

Halkan ka akhriso wax ku saabsan khiyaanada iyo been-abuurka inta badan ee Online-ka ah iyo iimaylka^{(most common Online and Email scams & frauds)} .

What are Whaling scams & how to protect your Enterprise

If you work in or own an enterprise, then you need to know that there is always a high risk of cyber-attacks & scams taking placе. Email Scamѕ are the most common among them. Phishing comes in many flavors like Tabnabbing, Spear Phishing as well as Vishing and Smishing. A few days back, we took a look at Pharming online frauds – today we will take a look at Whaling Scams which is the emerging cyber-security threat.

What are Whaling scams

In Whaling scams, you are targeted usually by email – it is a specialized Phishing scam. The attacker studies your online activity and obtains useful information about you from other sources. And that information is used to create a professional looking personalized e-mail. Seeing an official email can cause you to drop your defenses and you are very likely to trust such email. The idea is to obtain information from you for further fraudulent activities.

Now you have to realize that there is a thin line of difference between Whaling and Spear Phishing. Whaling typically targets high-level executives, whereas the latter scam targets employees of a company, customers of a company generally. It is called Whaling because the targets are usually large or important. And so Whales are chosen because of their authority and access within an organization.

How does Whaling work and why are you targeted

Most of the targets are usually businessmen, entrepreneurs, CEOs, and corporate employees. The targets are usually business specific and attacks are planned for the purpose of obtaining any sensitive information about the activities of an organization.

These kind of socially engineered attacks are very difficult to identify and people usually end up giving data to such scammers. The scammer sends a personalized email from an address you may be familiar with. The scammer may mimic to be your boss or another friendly organization. Or he/she may mimic as your financial consultant or your lawyer. The content of the email is mostly attention seeking so that you may reply promptly and there is the least chance of them getting caught.

The email might require you to transfer some money as a payment to a due bill or it may ask you for some company data that is required at a head office. Or it may ask personal details about the employees of the organization.

The scammer or the attacker has already researched you to create a personalized email for you. And the research may be based upon your online activities or upon any information obtained from other sources. Whaling emails just seem normal and perfect and that is the only reason people fall into the trap. The names, logos and other information used in the email may be real or not. But it is presented in such a way that normally people cannot mark a difference between these emails.

Also, the email address of the sender or the website mentioned is similar to someone you may know. The attachments may or may not be malicious. The sole purpose of these scams is to convince you that the email is completely normal and requires urgent action. And when you follow the instructions in the email, you end up leaking out some confidential data to an unauthorized person or website.

How to stay protected from Whaling attacks

You have to learn to identify Phishing Attacks to know more about protection from phishing in general so that you can avoid Phishing scams.

The key to staying protected is to stay attentive. Read all your work related emails end to end and keep an eye on something fishy. If you just felt that there is something wrong with the email, contact the organization from which the email is said to be.

1] Verify the sender’s email and then only respond to emails. Usually, the websites or email addresses from where you are receiving emails are almost identical to normal email addresses that you may know. An ‘o’ may be replaced with a ‘0’ (zero) or there may be two ‘ss’ instead of one ‘s’. This kind of errors are easily overlooked by a human eye, and these forms the basis of such attacks.

2] If the email requires some urgent action, then you must look carefully and then take the decision. If there are any outbound website links, verify their address before supplying any information to that website. Also, check for the padlock sign or verify the website’s certificate.

3] Do not provide any financial or any contact details to any website or an email. Know when to trust a website, take precautions before clicking on any web links and follow the basic internet usage safety norms.

4] Have proper antivirus, firewall software protecting your computer and do not download any attachments from any of these emails. RAR/7z or any other executable files are most suspected to contain any malware or Trojans. Regularly change passwords and create a backup of important documents at a secure location.

5] Completely destroy your physical documents before disposing of them so that they cannot provide any information about you and your organization.

Whaling attack examples

While you can find a ton of such scam stories online. Even the major companies like Snapchat and Seagate have fallen into the traps of these scams. Last year, a high-rank employee of Snapchat was a victim of such a scam where an email impersonating the CEO of the company inquired about the payroll of the employees. Take a look at some examples:

• Seagate: A successful whaling attack landed thieves up to 10,000 W-2 tax documents for all current and past employees.
• Snapchat: An employee fell for an email impersonating a request from CEO Evan Spiegel and compromised payroll data for 700 employees.
• FACC: The Austrian aircraft industry supplier lost 50 million euros due to a whaling attack.
• Ubiquiti Networks: This networking tech company suffered a $39.1 million loss as a result of a whaling attack.
• Weight Watchers International: A whaling email allowed thieves to obtain tax data for nearly 450 current and former employees.

Already Scammed?

Do you think that you’ve been a victim of a Whaling scam? Immediately inform the head of your organization and seek legal help. If you provided them with any bank details or any sort of passwords, change them immediately. Consult a cyber-security expert to track back the path and know who the attacker was. Seek out for legal help and consult a lawyer.

There are various online services available where you can report such scams. Please report such scams so that their activity can be disrupted and more people are not affected.

If you are interested in knowing more, there is this excellent eBook titled Whaling, Anatomy of an attack, which you can download free.

Protect yourself, your employees and your organization from such frauds and online scams. Spread the word and help your colleagues, friends, and family stay protected.

Read here about the most common Online and Email scams & frauds.

Related posts

• Sida loo hubiyo in xiriirku uu badbaado yahay ama aan la isticmaalin biraawsarkaaga

• Soo ogow in akoonkaaga onlaynka ah la jabsaday & iimaylka & faahfaahinta sirta ah oo la daatay

• Talooyin Badbaadada onlaynka ah ee Carruurta, Ardayda iyo Dhallinyarada

• Maqaalka Amniga Internetka iyo talooyinka isticmaalayaasha Windows

• Ka ilaali carruurtaada waxyaabaha ay ku jiraan dadka waaweyn addoo isticmaalaya Browsing Nadiif ah

• Talooyin ku saabsan sidii aad ugu ilaalin lahayd kombuyuutarrada dadweynaha

• Aaladaha Intarneedka ee Tifaftiraha PDF ee Bilaashka ah ee ugu Wanaagsan ee ku saleysan Daruuraha

• Liiska shabakadaha wax ka beddelka qoraalka ee tooska ah ee bilaashka ah ee ugu fiican

• Aalad Online ah oo Tifaftirayaasha PDF ah oo bilaash ah si aad u saxdo faylasha PDF - PDF Haa

• Taxaddar la qaado ka hor intaanad gujin xiriiriyeyaasha shabakadda ama URL-yada

• Waa maxay phishing iyo sida loo aqoonsado werarada phishing?

• Fayraska COVID-19 phishing, khayaanada, khiyaanada iyo qorshayaasha

• Badbaadada Kumbuyuutarka, Xogta Qarsoonnimada, Buug-yaraha Badbaadada Onlayn ee Microsoft

• Waa maxay Spear phishing? Sharaxaada, Tusaalooyinka, Ilaalinta

• Waa maxay Farta Taraafiga ee Mareegta? Sidee loo ilaaliyaa naftaada?

• Sidee Looga Fogaadaa Khayaanada Khiyaamada iyo Weerarada?

• 5-ta ugu Fiican ee ku darida Qarsoonnimada Firefox ee Badbaadada Intarneedka

• Waa maxay cagajuglaynta internetka? Sidee looga hortegi karaa oo looga warbixin karaa?

• Dib u eegista browserka VPN ee bilaashka ah ee Globus: Siri dhammaan taraafikada, baadh si qarsoodi ah

• Waa maxay Pharming sideese uga hortagi kartaa Khayaanada Intarneedka ah?