AYALA-BACKED Bank of the Philippine Islands (BPI) has warned companies and the public about the rise of executive phishing attacks, a sophisticated social engineering scam targeting organizational members.
An executive phishing attack, also known as whaling, is a type of phishing scam that specifically targets high-ranking executives or other important individuals within an organization, such as chief executive officers, chief finance officers, or other senior leaders.
Unlike regular phishing attacks that cast a wide net to capture any victim, whaling attacks are more focused and personalized.
Jonathan John Paz, BPI Enterprise Information Security and Data Protection officer, said executive phishing or whaling can occur over emails and messaging applications like Viber and WhatsApp, in which unscrupulous individuals pose as senior executives to induce the employees to execute fraudulent transactions or lure them into divulging sensitive or confidential information.
“Cyberattacks against organizations do happen and it could cost millions in terms of data loss, financial impact, and operational disruption,” he said.
“Line managers, particularly those with access to critical data or tasked with critical transactions, face the biggest risk of whaling. That is why it’s important to conduct regular cybersecurity awareness training and attack simulations within the company,” he added.
Paz urged the public to be alert and exercise caution with emails and attachments to protect themselves from this type of social engineering scam.
Tips
Before taking any action, he advised verifying the sender and making sure that the sender’s name, email address and contact number are correct. If one doesn’t normally receive an email or message from the sender, ask a person in authority to verify their legitimacy.
He also advised not to click on links or download attachments from suspicious senders. Don’t respond to their message either.
Take an extra step by scanning attachments for viruses before opening them. Additionally, he suggests promptly reporting any suspicions of impersonation by an executive to the company’s cybersecurity team.
Moreover, Paz emphasized that companies must take a proactive approach to promoting cybersecurity awareness. He urged them to instill the mindset that cybersecurity is a shared responsibility among all employees, regardless of their position, title, or tenure.
“We must get everyone to understand that cybersecurity is a responsibility we all share and that it takes a collective effort to fight cyber threats. Doing so will allow us to safely navigate the digital world while ensuring the company and employees are protected,” he said.
According to a report by the Department of Information and Communications Technology, cyber incidents in the country increased by 62 percent in 2023, signaling the need for a more aggressive cybersecurity awareness initiative to protect Filipinos. / KOC
