What is Whaling?
Whaling is an attack where cyber-criminals masquerade as a senior player at a firm and directly target other executives or senior employees in an organisation to gain access to systems or steal money and sensitive information. Whaling is also known as CEO fraud that uses spear-phishing tactics like email and website spoofing to trick unsuspecting targets into performing specific actions. Like all phishing attacks, whaling attempts against high-profile targets relies on compelling the victim under the guise of some urgency or importance. Since organisations have increased awareness training around typical phishing attacks, whaling adversaries enhance their approaches by narrowing their scope and tailoring their fraudulent messages with specific details to convince the target and compel them to act.