“Whaling” emerges as cybersecurity threat

&gt;&gt; Wessland says such attacks are impossible to pick up with basic spam-filtering technologies, noting that hackers will simply keep creating new fake domains from which to send their targeted messages.<p>Haha, yes that&#x27;s true: we still do not have the universal fraud detector and stupidity prevention algorithm. Seriously, this is not a system security problem. If you have high-level employees in the finance dept. of your company that will initiate a wire transfer on the basis of an unsigned, unencrypted email from an un-trusted domain, that is a policy&#x2F;standards&#x2F;personnel issue.

Any C level person should at least be [GP]PG or S&#x2F;MIME signing all their email, if not fully encrypting it. Email impersonation is just too easy.

If this is happening then internal audit procedures are non existent as any significant finance decisions should involve a minimum of two people to authorise transactions to minimise fraud in the first place.<p>This falls under business basics.

That&#x27;s embarrassing. Isn&#x27;t it the CFO&#x27;s job to use his or her discretionary judgment when approving transfers? I think we need to fix business cultures rather than build tools to think for us...

We&#x27;ve had a spate of fake emails between our CFO and CEO in our company.<p>Seeing as we use google apps for our email, it would be really nice if google could warn in their interface that this email may have the CFO&#x27;s address, but it did not come from internal mail...

From the title I thought this was going to be about foreign SIGINT ships disguised as whaling vessels trolling off the coast.