A whaling attack, also known as whaling phishing, is a specific type of phishing attack where scammers target the big fish in a company, namely anyone in the c-suite such as CEO or COO.
The term whaling comes from the size of attacks and the ‘whale’ is picked because of their seniority and authority within the company.
How does it work?
The goal of a whaling attack is the same as a normal phishing email, to trick the recipient into either disclosing personal/company information, sending money or installing malicious software on their computer. The different with a whaling attack is that it is much more targeted and will often include the target’s name, title and other information that is collected from a variety of sources, like social media.
Like all kinds of scam emails, whaling attacks use social engineering techniques and will often send fraudulent hyperlinks or malicious attachments to steal personal information or install software. The scammers are willing to spend more time and effort into crafting these scams because of the higher value payoff.
What’s the different between whaling and spear phishing?
They are both similar types of scams but while anyone can be a target of a spear phishing attack, only CEOs and high ranking staff members are targeted by whaling attacks.
What can you do?
The first thing to protect your business from any type of phishing email is to make sure all of your staff are trained and know how to identify these scams, this also includes the C suite, or management team.
Make sure there are processes in place when paying invoices or requests for purchases, such as always getting a secondary approval or getting verbal confirmation. Never pay an unusual supplier or invoice because you received one email.
If you’re not sure how susceptible your staff are to phishing emails take our free phishing test to find out your baseline score.