The Bank of the Philippine Islands (BPI) has issued a warning to companies and the public about the rise in executive phishing attacks, commonly known as whaling. This form of social engineering targets members of an organization by impersonating senior management to deceive employees into performing fraudulent actions or revealing sensitive information.
The alert comes after the recent report from the Department of Information and Communications Technology, highlighting a 62% increase in cyber incidents in the Philippines during 2023.
“Cyberattacks against organizations do happen, and it could cost millions in terms of data loss, financial impact, and operational disruption,” said Jonathan John Paz, enterprise information security and data protection officer, BPI.
Whaling typically manifests through emails and messaging platforms such as Viber and WhatsApp, where malicious actors pose as high-level executives. These impostors then coerce employees into making financial transactions or sharing confidential information.
Paz emphasized that line managers and employees with access to critical data are particularly vulnerable. He advised regular cybersecurity training and simulations to prepare staff for potential attacks.
To safeguard against these threats, Paz recommended several precautionary measures:
- Verify the sender: Confirm the authenticity of the sender’s name, email, and contact number. If the message is unexpected, consult a trusted authority to verify its legitimacy.
- Avoid engagement: Refrain from clicking on links, downloading attachments, or responding to messages from suspicious sources.
- Check for viruses: Scan attachments for malware before opening them.
- Report suspicious activity: Immediately report any suspected impersonation to the company’s cybersecurity team.
- In addition to individual vigilance, Paz urged organizations to foster a culture of shared responsibility regarding cybersecurity. He stressed that awareness and proactive measures are vital at all levels of the company to effectively combat cyberthreats.
“We must get everyone to understand that cybersecurity is a responsibility we all share, and it takes a collective effort to fight cyberthreats,” Paz said. “Doing so will allow us to safely navigate the digital world while ensuring the company and employees are protected.”