Strategic Group Blog

Everything you need to know about IT and technology

Written by Emily Gam
on June 25, 2019

You’ve heard of phishing and how scammers use it along with social engineering tactics to get you to click on a dodgy link, but what is whaling?

A whaling attack, also known as whaling phishing, is a specific type of phishing attack where scammers target the big fish in a company, namely anyone in the C-suite, such as the CEO or COO.

The term whaling comes from the size of the attacks, and the ‘whale’ is picked because of their seniority and authority within the company.

How does it work?

The goal of a whaling attack is the same as a normal phishing email: to trick the recipient into disclosing personal or company information, sending money or installing malicious software on their computer. The difference with a whaling attack is that it is much more targeted and will often include the target’s name, title and other information collected from a variety of sources, like social media.

Like all kinds of scam emails, whaling attacks use social engineering techniques and will often send fraudulent hyperlinks or malicious attachments to steal personal information or install software. The scammers are willing to put more time and effort into crafting these scams because of the higher-value payoff.

What’s the difference between whaling and spear phishing?

They are similar types of scams, but while anyone can be a target of a spear phishing attack, only CEOs and high-ranking staff members are targeted by whaling attacks.

What can you do?

The first step in protecting your business from any type of phishing email is to make sure all of your staff are trained and know how to identify these scams. This also includes the C-suite, or management team.

Make sure there are processes in place for paying invoices and handling purchase requests, such as always getting a secondary approval or getting verbal confirmation. Never pay an unusual supplier or invoice because you received one email.

If you’re not sure how susceptible your staff are to phishing emails, take our free phishing test to find out your baseline score.
