Strategic Group Blog

Everything you need to know about IT and technology

Written by Emily Gam
on June 25, 2019

You’ve heard of phishing and how scammers use it along with social engineering tactics to get you to click on a dodgy link, but what is whaling?

A whaling attack, also known as whaling phishing, is a specific type of phishing attack where scammers target the big fish in a company, namely anyone in the C-suite, such as the CEO or COO.

The term whaling comes from the size of the attacks, and the ‘whale’ is picked because of their seniority and authority within the company.

How does it work?

The goal of a whaling attack is the same as that of a normal phishing email: to trick the recipient into disclosing personal or company information, sending money, or installing malicious software on their computer. The difference with a whaling attack is that it is much more targeted and will often include the target’s name, title and other information collected from a variety of sources, like social media.

Like all kinds of scam emails, whaling attacks use social engineering techniques and will often send fraudulent hyperlinks or malicious attachments to steal personal information or install software. The scammers are willing to put more time and effort into crafting these scams because of the higher-value payoff.

What’s the difference between whaling and spear phishing?

They are similar types of scams, but while anyone can be a target of a spear phishing attack, only CEOs and high-ranking staff members are targeted by whaling attacks.

What can you do?

The first step in protecting your business from any type of phishing email is to make sure all of your staff are trained and know how to identify these scams. This includes the C-suite and management team.

Make sure there are processes in place for paying invoices and handling purchase requests, such as always getting a secondary approval or verbal confirmation. Never pay an unusual supplier or invoice because you received one email.

If you’re not sure how susceptible your staff are to phishing emails, take our free phishing test to find out your baseline score.
