Contact Support

If you are an existing client to get support call us on:

+44 (0)1483 412 042

OR

Login to the portal

Support portal

If you've been given a 6-digit support code

click here

Not an existing customer?

Contact us

Video: Cyber Chat – Episode 6 – Phishing and Whaling

In Episode 6 of Cyber Chat, Rob May explains the difference between Phishing and Whaling and what you can do to protect yourself and your organisation from it.

Managing the ongoing cybersecurity of your IT infrastructure should be a primary concern – whatever the shape or size of your organisation. Cybersecurity breaches are the number one threat in today’s business landscape. Incidents come in many forms: cyber attacks; laptops left on trains; malicious staff; or, even more simply, accidental data loss caused by human error. The human firewall is vital as a line of defence for any organisation and in this video Rob, author of The Human Firewall (available on Amazon) explains what the Human Firewall is.

Find out more about ramsac’s cybersecurity services

 

 

Cyber Chat – Episode 6 – video transcript

Cyber Chat – Episode 6 – transcript

Hi, I’m Rob May, MD of ramsac and welcome to Cyber Chat. Today, I want to talk to you about Phishing and Whaling.

So, Phishing is an email that comes in pretending to be someone that their not. We’ve all received Phishing emails at some point, you probably had the infamous email from a long lost family member who lives in Nairobi and is trying to get money out of the country and into your bank account that’s a crude form of Phishing. And frankly that’s been around since way before email, we used to get those as letters or faxes into the office long before email. But that’s Phishing.
I think a bigger problem is Whaling. So, Whaling is a Phishing attack aimed at the big fish in an organisation. Directors, it’s sometimes called CEO crime and there’s a successful Whaling attack every 15 minutes of every working day in the UK. And by success I mean, that money is transferred out of a bank account of a business into a criminals bank account. So it’s a huge problem and the message just isn’t getting through. And unfortunately, I’ve seen far too many successful whaling attacks.

One that springs to mind. We had a client and the lady in accounts received an email from her MD, and the MD said. I’m at a trade show, which he was and the world knew he was because he’d been tweeting about it. “I’m at a trade show. I met a guy last night and he’s got a service which is going to help us with Project Kylie. Now, the thing that was clever about this was Project Kylie was a top secret project that supposedly only 3 people knew about in the business. I’ve agreed to work with him. Here are his bank details. I need you to pay £7,500 If you could do that when convenient today. I’d really appreciate it. Actually, I’m meeting him for a coffee at 11 o’clock if there’s any chance you could do it before then give me a call and let me know because that would be a nice thing to do and be able to tell him. The thing is that was all written in a way that this particular MD spoke, and the way that he would talk to his Accounts lady, so she read it and just was convinced that it was from him. So, she transferred the £7,500. She phoned him up and said I’ve done it and he said You’ve done what? And I think one of the problems is, the person who presses the button, and remember this is happening every 15 minutes of every working day, The person who presses the button, When they find out their gutted that absolutely gutted that they’ve that they’ve been tricked. But what they will always say is something along the lines of it was definitely from my MD or my CEO or whomever, and it’s more than my jobs worth not to do what my MD tells me to do. And we have to change that culture.

What you need to be sure of, is within your business it’s more than their jobs worth to make a payment based on an email instruction. No one should ever do that. What they should be doing is picking up the phone, saying is this really you? Is this really what you want me to do? So, beware of whaling attacks, there absolutely rife. And you need to be aware of them, you need to tell your staff, and you need to educate your staff not to make any payments on the back of an email instruction. I hope that’s been useful and I look forward to speaking to you again. Thank you.

 

Registration No. 26980136
Terms and Conditions | Privacy Notice
Richard Renson
Richard Renson
16:54 10 Dec 18
Great, helpful IT Kings and Queens
Andrew Worth
Andrew Worth
12:37 30 Aug 18
fine bunch
Colin Warner
Colin Warner
08:46 06 Dec 17
Excellent managed service provider.
Selom B
Selom B
11:58 10 Dec 16
First Class!! Responsive, knowledgeable, professional and very easy to work with - Ramsac have been a fantastic strategic IT partner for the last few years and I'm sure will continue to be for many years going forward. I would highly recommend them!
Ian Windle - Inspiring Leadership
Ian Windle - Inspiring Leadership
08:53 04 Jul 16
Great IT business, with a powerful management team. Could not recommend them more highly.
Patrick O'Luanaigh
Patrick O'Luanaigh
10:55 01 Jul 16
A truly fantastic IT support company - I can't speak highly enough about them.
Sarah Whitemore
Sarah Whitemore
11:59 20 Jun 16
I have known Dan May and Ramsac for 5 or 6 years now. Dan is such a great guy and really helpful with strategic advice and input on all things IT. He's so approachable and doesn't baffle you with IT jargon. If you are looking to outsource your IT or you have a problem you need help with Dan is definitely the one to ask.
Jonathan Richards
Jonathan Richards
12:14 31 May 16
I've worked with Ramsac for many years and whole heartedly recommend their services. They are always professional, approachable and have the rare skill of making IT understandable. Their can do attitude leaves you feeling that you are in safe hands.
See All Reviews
© 2019 ramsac. All rights reserved.