Also known as a whaling phishing attack, whaling is a type of phishing attack that targets high-level employees in order to steal sensitive information from a company. A whaling attacker sends a legitimate-looking email posing as a senior executive such as a CEO or CFO, with the aim of manipulating the victim into either authorizing a large wire transfer or clicking on an attachment or link that installs malware. The goal of whaling is to obtain money and/or sensitive company information that gives the attacker access to the company’s intellectual property, data, or other information that could be sold.
Whaling emails are typically more sophisticated than generic phishing emails because they:
Many times, indicators of a whaling email include:
A real-life example of a whaling attack that a number of executives across multiple industries fell victim to was an email that appeared to come from a United States District Court. The email contained accurate details about the executives and the companies they worked for, and carried a fake subpoena to appear before a grand jury in a civil case. It included a link to the purported subpoena, which was actually malware.
Because whaling is highly targeted, these attacks are often more difficult to detect and prevent than standard phishing attacks. However, the general advice for preventing phishing also applies to whaling: avoid clicking links or attachments in emails that pressure you to act quickly to complete the supposed task. In general, don’t open an attachment unless you are sure of both the sender and the document, verifying first if necessary, and hover over links to make sure the displayed text isn’t masking a malicious link whose domain name differs from what you’d expect. Other, more specific, steps to prevent whaling include:
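The two indicators called out above, an email posing as a named executive from an outside address and link text that masks a different destination domain, can be checked mechanically at the mail gateway or in a triage script. The following is an added example, not tooling from the original article; the company domain, the executive roster, and the sample message (modelled on the subpoena lure described above) are all constructed for illustration.

```python
"""Defensive checks for two whaling indicators: display-name impersonation of
an executive, and anchor text that names a different host than the href.
Added example; organisation data below is constructed, not real."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed organisation data (constructed for the example).
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "CEO", "john roe": "CFO"}


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL, or of bare URL-like text such as 'a.test/x'."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def check_sender(msg):
    """Flag a From header whose display name matches an executive on the roster
    while the address is not on the company domain (display-name spoofing)."""
    name, addr = parseaddr(str(msg.get("From", "")))
    key = name.strip().lower()
    domain = addr.rsplit("@", 1)[-1].lower()
    if key in EXECUTIVES and domain != COMPANY_DOMAIN:
        return [f"display name '{name}' ({EXECUTIVES[key]}) "
                f"but sender address is {addr}"]
    return []


def check_links(html_body):
    """Flag anchors whose visible text looks like a URL for one host while the
    href actually points at another host (the 'masked link' indicator)."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.anchors:
        # Only treat the visible text as a URL if it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host_of(href):
            findings.append(f"link text shows {shown} but points to {host_of(href)}")
    return findings


def analyse(raw_message):
    """Run both checks over an RFC 5322 message and return the findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html_body = body.get_content() if body is not None else ""
    return check_sender(msg) + check_links(html_body)


# Constructed sample message: spoofed CEO display name from a look-alike domain,
# and anchor text naming a court site while the href points elsewhere.
SAMPLE = """From: Jane Doe <jane.doe@example-corp-mail.net>
To: cfo@example-corp.com
Subject: Urgent: court filing needs your review today
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the filing at
<a href="http://docs.evil-example.test/subpoena.exe">district-court.example.org/subpoena</a>
before 5pm.</p></body></html>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print("FLAG:", finding)
```

Both checks deliberately stay simple: the sender check compares only the display name against a roster and the address domain against one company domain, so a subdomain or a sanctioned third-party mailer would need to be whitelisted, and the link check only fires when the visible text itself looks like a URL, which is exactly the case the hover-over advice is meant to catch.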