Cybersecurity
Whaling
Definition
Whaling is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company. A whaling email is often written to look like a senior-level business communication.
Why It Matters
Whaling attacks are highly targeted and can be extremely damaging. A successful attack against an executive can lead to significant financial loss or the compromise of highly sensitive strategic information.
Contextual Example
The CEO of a company receives an email that looks like a subpoena from a law firm, requiring them to click a link and provide credentials to view a legal document. The email is a whaling attack designed to steal the CEO's login credentials.
Common Misunderstandings
- Whaling is a form of spear phishing aimed at "big phish" or "whales" within an organization.
- These attacks often rely on a sense of urgency and authority to trick the victim into acting without thinking.