What is Dolphin Hunting?

Dolphin hunting, also known as “whaling” in the world of computing, is a type of cyber attack. As the name suggests, cyber criminals hunt the big fish of the digital world, namely individuals in C-level positions such as CEOs and CFOs. The main difference from other phishing methods is that it has a specific target and involves a direct attack plan against that target.

The fundamental motive behind dolphin hunting attacks is to make quick money. In some cases, an attack is carried out to establish a persistent threat against a company. Building this threat is a long-term process of dolphin hunting that can sometimes last for months or even years.

Before a dolphin hunting attack, information is gathered about the organization that will be targeted. The collected data includes details about company employees, security policies, subsidiaries, and customers. Websites are used to make this data gathering easier. At times, contact is established with former employees of the company.

This cyber threat works by gaining the trust of the targeted organization, and the significance of the collected data becomes evident at this stage. Dolphin hunting is conducted through email, phone, or social media. A scenario is constructed during the attack, and the aim is to persuade the targeted individuals to believe it.

The most commonly used channel in this cyber attack is the company's internal messaging applications. Email offers significant advantages for malicious activity in this area. Attackers send carefully crafted emails that take close attention to tell apart from genuine ones. Company employees who receive dozens of emails daily are often distracted and fall into the trap these emails set. If the network infrastructure does not have adequate security solutions, cyber criminals can successfully carry out their dolphin hunting attempts.

For instance, suppose a cyber criminal sends a payment email to a company's accounting department under the CEO’s name. If the accounting employee falls for this bait, they will pay the indicated amount to the account specified in the email. This can cause significant financial losses for companies.
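As an added illustration of how a mail filter can catch the CEO-name payment email described above (this is not code from the original article), the following Python example checks message headers for an executive's display name on an outside address. The company domain, executive names, keyword list, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with the organization's own data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john roe"}
PAYMENT_TERMS = ("wire", "transfer", "payment", "invoice", "iban")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def whaling_indicators(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reasons = []
    # An executive's name shown to the reader, but sent from outside the company.
    external = domain_of(addr) != COMPANY_DOMAIN
    if " ".join(name.lower().split()) in EXECUTIVES and external:
        reasons.append("executive display name on external address")
    # Replies would be diverted to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    # Payment wording only counts when a header check has already fired.
    payload = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (payload if isinstance(payload, str) else "")).lower()
    if reasons and any(term in text for term in PAYMENT_TERMS):
        reasons.append("payment request in suspicious message")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = """From: Jane Doe <jane.doe@example-corp.net>
Reply-To: accounts@mailbox.invalid
To: accounting@example.com
Subject: Urgent payment

Please wire 48,000 EUR to the account below today.
"""
LEGITIMATE = """From: Jane Doe <jane.doe@example.com>
To: accounting@example.com
Subject: Q3 invoice review

Can we go over the invoice list on Monday?
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, whaling_indicators(raw))
```

These header checks only catch look-alike and external senders; a message that forges the company's real domain in the From header has to be stopped by SPF, DKIM, and DMARC enforcement at the mail gateway.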

To take preventive measures against dolphin hunting and other cyber attacks, companies need to raise their security practices to a higher level. In addition to software and hardware precautions, employees within the organization should receive training on dolphin hunting and other types of threats. By reading our article titled “How to Achieve Cybersecurity,” you can gain detailed information on the topic of cybersecurity.

