Strategic Group Blog

Everything you need to know about IT and technology

Tips Security

Cyber Security: What is whaling?

close

Categories

Subscribe to Email Updates

Popular Stories

Building a Phishing-Proof Business Apr 30, 2024
Social Engineering Red Flags - What to look out for Oct 21, 2022
Unauthorised AI: The Hidden Risks for Accounting Firms Aug 15, 2024
No Place Like Home: Ensuring Cybersecurity for SMEs in the Remote Work Revolution May 22, 2024
Evolving Threats, Emerging Solutions: Staying Ahead of Ransomware May 29, 2024
Categories | Subscribe | Populars
Written by Emily Gam
on June 25, 2019

You’ve heard of phishing and how scammers use it along with social engineering tactics to get you to click on a dodgy link, but what is whaling?

A whaling attack, also known as whaling phishing, is a specific type of phishing attack where scammers target the big fish in a company, namely anyone in the c-suite such as CEO or COO.

The term whaling comes from the size of attacks and the ‘whale’ is picked because of their seniority and authority within the company.

How does it work?

The goal of a whaling attack is the same as a normal phishing email, to trick the recipient into either disclosing personal/company information, sending money or installing malicious software on their computer. The different with a whaling attack is that it is much more targeted and will often include the target’s name, title and other information that is collected from a variety of sources, like social media.

Like all kinds of scam emails, whaling attacks use social engineering techniques and will often send fraudulent hyperlinks or malicious attachments to steal personal information or install software. The scammers are willing to spend more time and effort into crafting these scams because of the higher value payoff.

What’s the different between whaling and spear phishing?

They are both similar types of scams but while anyone can be a target of a spear phishing attack, only CEOs and high ranking staff members are targeted by whaling attacks.

What can you do?

The first thing to protect your business from any type of phishing email is to make sure all of your staff are trained and know how to identify these scams, this also includes the C suite, or management team.

Make sure there are processes in place when paying invoices or requests for purchases, such as always getting a secondary approval or getting verbal confirmation. Never pay an unusual supplier or invoice because you received one email.

If you’re not sure how susceptible your staff are to phishing emails take our free phishing test to find out your baseline score.

Free User Phishing Test

Let Us Know What You Thought about this Post.

Put your Comment Below.

You may also like:

Tips Security

No Place Like Home: Ensuring Cybersecurity for SMEs in the Remote Work Revolution

The rise of remote work in today's business environment creates unique opportunities, but also significant challenges fo...

Tips Security

Building a Phishing-Proof Business

With their alarming simplicity and devastating effectiveness, phishing attacks continue to pose a significant threat to ...

Tips

Social Engineering Red Flags - What to look out for

Hackers and scammers are getting more sophisticated, gone are the days of the laughable Prince of Nigeria scams, now sca...

Get all updates straight to your inbox.

Stay informed with the latest IT and Technology news.

Subscribe to Email Updates

We wanted to be more than just a simple ‘break-fix’ IT provider, and become a true partner that understands our clients’ business drivers and goals so we can provide relevant IT solutions that enable our clients to grow & achieve their goals
SERVICES
COMPANY
CONTACT

Suite 5,
101 Hannell Street
WICKHAM  NSW  2293

Phone: 1300 857 048
    © 2018 All Rights Reserved