Home / Definitions / Whaling


Abby Braden
Last Updated May 24, 2021 8:03 am

Also known as a whaling phishing attack, whaling is a type of phishing cyber crime attack that targets high-level employees in order to steal sensitive information from a company. A whaling attacker sends a legitimate-appearing email posing as a senior executive such as a CEO or CFO with the aim to manipulate the victim into either authorizing a large amount of funds to be wire transferred or clicking on an attachment or link that installs malware. The goal of whaling is to receive money and/or sensitive company information that gives the attacker access to the company’s intellectual property, data, or other information that could be sold.

Anatomy of a whaling attack

Whaling emails are typically more sophisticated than generic phishing emails because they:

  • Contain personalized information about the targeted organization or individual
  • Convey a sense of urgency
  • Are created with a general understanding of the business’s business language, tone, and purpose

Many times, indicators of a whaling email include:

  • The display or domain name differs from the trusted address
  • The email requests money in a very short and urgent amount of time
  • The domain age (how long the domain has existed since its creation) doesn’t match the domain name of the trusted company

An real-life example of a whaling attack that a number of executives across multiple industries fell victim to was an email that went out appearing to be from a United States District Court. This email had accurate details about the executives and company they worked for. The email encompassed a fake subpoena to appear before a grand jury in a civil case. It included a link to the purported subpoena, which was really malware.

How to prevent whaling attacks

Due to whaling being highly-targeted in nature, the attacks are often more difficult to detect and prevent than standard phishing attacks. However, the general advice given to prevent phishing also applies to whaling: Avoid clicking links or attachments in emails that require you to take action quickly to be successful in the supposed task. In general, don’t click on an attachment in an email unless you’re sure of both the sender and the document, verifying first if necessary, and mouseover links to make sure the text isn’t masking a malicious link, where the domain name is different from what you’d expect. Other, more specific, steps to prevent whaling include:

  • Employee awareness: Not only high-level executives  but all employees should be trained on how to identify whaling attacks. They should know what social engineering (the myriad of methods used to steal personal information) tactics to look for and be cautious about requests for funds through email.
  • Multi-Factor authentication: All funds requested through email should pass through several rounds of verification before being permitted.
  • Data protection policies: Introducing data security policies will help ensure that emails and files are monitored for suspicious activity.
  • Anti-phishing tools: Anti-phishing software will help prevent whaling and other phishing attacks by running unnoticed in the background.