Earlier this year a volunteer-run tennis club was targeted by a new but increasingly common type of phishing attack. The treasurer of the club received a series of emails that purported to be from the chairman, requesting that the treasurer urgently transfer over £10,000 into an account to make a payment that was overdue and could cause problems for the club if it wasn’t paid quickly.
The fraudster’s email looked very convincing, and so the treasurer went ahead and made the payment. As you can appreciate, the loss of such a large sum of money was devastating to the club.
This type of attack, known as whaling, is a new form of “phishing” that targets one “big fish” organisation rather than many smaller consumers, and it is a highly profitable scam. In recent months several sports organisations, including small clubs and National Governing Bodies, have fallen victim to such an attack.
Although cyber-attacks may seem complex, some of the most successful hacks have been achieved using simple methods such as social engineering, tricking the target into transferring large amounts of money straight into a fraudulent account. The attackers don’t even need to use malware to gain access to your organisation’s software.
Cyber criminals prepare their attack by carrying out extensive research into the functional divisions of an organisation, taking information from the company’s website and from social media sites such as Facebook, Twitter and LinkedIn to find information on staff within that organisation.
The attack is delivered as a hoax email from a spoof domain name that appears to have been sent by the CEO of the company to the finance department, urgently requesting that money be transferred to an external account. Cyber criminals impersonate the CEO and engage their target in conversation with messages such as “Are you in the office today?” and “Can you do me a favour and transfer this money to this account”, aiming for a payment request that requires only a single sign-off to process the transaction.
Unlike other types of spam, whaling emails are more difficult to detect because they don’t contain the suspicious-looking hyperlinks that could deter a person from opening an email. The email is usually well written, inconspicuous and appears to be genuine.
Tips on protecting your club from a whaling attack:
- Provide training and education for your staff and volunteers, particularly those with management and financial responsibility, and ensure they are aware of this type of scam.
- Demonstrate examples of how sports clubs and organisations have been caught out in the past by similar attacks.
- Carry out a simulated test within your club of how to identify and prevent a whaling attack.
- Set up an alert system that flags up emails that have been received from outside of your sports organisation.
- Register with a domain alerting service that notifies you when a domain has been created that closely matches your organisation’s domain.
- Revise and review your financial procedures for sending payment to external parties.
- Keep software up to date and frequently run malware and spyware checks. Inform staff and volunteers about the dangers of opening suspicious-looking emails, especially if the email fails to display the sender’s details in the footer from the organisation’s address book.
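The following Python example is added here and is not part of the original article. It applies the external-sender alert and the lookalike-domain check from the tips above to an email's From: header, and also flags an officer's name arriving from an outside address. The club domain, officer name and sample headers are hypothetical values constructed for the example.

```python
from email.utils import parseaddr

# Hypothetical club values, constructed for this example.
CLUB_DOMAIN = "riversidetennis.example"
OFFICERS = {"jane smith"}  # names a fraudster is likely to impersonate

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only one row of the table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def assess_sender(from_header: str) -> list[str]:
    """Return the warning flags that apply to one From: header."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # A header that claims the club's own domain gets no flag here; whether
    # that claim is genuine is for the mail server's SPF/DKIM/DMARC checks.
    if domain == CLUB_DOMAIN:
        return []
    flags = ["EXTERNAL"]
    # One or two character changes away from the real domain: likely lookalike.
    if edit_distance(domain, CLUB_DOMAIN) <= 2:
        flags.append("LOOKALIKE_DOMAIN")
    # Officer's name in the display field, but the address is not the club's.
    if " ".join(display.lower().split()) in OFFICERS:
        flags.append("OFFICER_NAME_FROM_EXTERNAL_ADDRESS")
    return flags

if __name__ == "__main__":
    samples = [  # constructed headers, not real messages
        "Jane Smith <jane.smith@riversidetennis.example>",
        "Jane Smith <jane.smith@riversidetenis.example>",
        "Jane Smith <chairman.js@mailbox.example>",
        "Court Supplies <sales@supplier.example>",
    ]
    for header in samples:
        print(header, "->", assess_sender(header) or ["OK"])
```

A message carrying the officer-name or lookalike flag is the kind that should trigger a phone call to the named person before any payment is made.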
Andy Goulbourne, Associate Director of Sport and Recreation from Perkins Slade, adds:
“Cyber-attacks against large corporations are in the news on an almost daily basis but these types of low level frauds, targeted against small organisations, can be really damaging. Several of our clients, from small members’ clubs to National Governing Bodies, have been targeted by phishing attacks that have cost them tens of thousands of pounds. However robust your IT security is, it won’t prevent losses resulting from human error or this kind of deception. A specific cyber and data insurance policy could cover the cost of such a loss, and would also provide essential IT and legal support in the event of an attack on your website or in the case of a denial-of-service (DOS) issue in an attempt to corrupt an organisation’s network to make it temporarily or indefinitely unavailable for its users. This could lead to a loss of revenues and high costs to restore the website as well as causing damage to your sports organisation’s reputation and customer relations”.
How can we help?
For more information on whaling attacks and cyber-crime, visit Mimecast.com, or to discuss your club’s insurance needs call us on 0121 698 8000.
* Statistics according to a survey conducted by Mimecast