Strategic Group Blog

Everything you need to know about IT and technology

Written by Emily Gam
on June 25, 2019

You’ve heard of phishing and how scammers use it along with social engineering tactics to get you to click on a dodgy link, but what is whaling?

A whaling attack, also known as whaling phishing, is a specific type of phishing attack where scammers target the big fish in a company, namely anyone in the C-suite, such as the CEO or COO.

The term whaling comes from the size of the attacks, and the ‘whale’ is picked because of their seniority and authority within the company.

How does it work?

The goal of a whaling attack is the same as that of a normal phishing email: to trick the recipient into disclosing personal or company information, sending money or installing malicious software on their computer. The difference with a whaling attack is that it is much more targeted and will often include the target’s name, title and other information collected from a variety of sources, like social media.

Like all kinds of scam emails, whaling attacks use social engineering techniques and will often include fraudulent hyperlinks or malicious attachments to steal personal information or install software. The scammers are willing to put more time and effort into crafting these scams because of the higher-value payoff.

What’s the difference between whaling and spear phishing?

They are similar types of scams, but while anyone can be a target of a spear phishing attack, only CEOs and high-ranking staff members are targeted by whaling attacks.

What can you do?

The first step in protecting your business from any type of phishing email is to make sure all of your staff are trained and know how to identify these scams. This includes the C-suite, or management team.

Make sure there are processes in place for paying invoices or purchase requests, such as always getting a secondary approval or getting verbal confirmation. Never pay an unusual supplier or invoice because you received one email.

If you’re not sure how susceptible your staff are to phishing emails, take our free phishing test to find out your baseline score.
