Beware of Whaling Attacks!

Don’t get caught by the whale!

There has been a spate of “whaling” attacks recently. Beware of them! Do not respond to them!

Whereas “phishing” involves sending a fraudulent email to a large group of people in the hope that a few will respond, “whaling” involves forging communications that look like they’re from the “big phish” in an organization, i.e. the “whale.”

These emails are usually crafted more carefully than your standard “phishing” email, which makes them more difficult to detect.

For example, some Episcopalians in the Diocese of Maryland have reported receiving email from a Gmail address that appears to belong to Bishop Sutton. The email asks the recipient to take some kind of action: wire money to a specified account, purchase gift cards and reply with the gift card serial numbers, or simply reply quickly. Episcopalians in other dioceses have also reported receiving similar emails apparently from their bishop(s). Unfortunately, it’s difficult to stop these email attacks.

The Gmail account in question is complete with the bishop’s name, title, and photo.  It is a fraudulent account created to look like a legitimate one! Bishop Sutton’s name and title are being used without permission.

Never respond to an email that requests that you wire money and/or send gift cards. These emails are always a scam, even if they appear to come from “the big phish”.