Whaling is an attack in which cyber-criminals masquerade as a senior player at a firm and directly target other executives or senior employees in an organisation to gain access to systems or steal money and sensitive information. Also known as CEO fraud, whaling uses spear-phishing tactics such as email and website spoofing to trick unsuspecting targets into performing specific actions. Like all phishing attacks, whaling attempts against high-profile targets rely on compelling the victim to act under the guise of urgency or importance. Since organisations have increased awareness training around typical phishing attacks, whaling adversaries enhance their approaches by narrowing their scope and tailoring their fraudulent messages with specific details to convince the target and compel them to act. Using social engineering to build trust with such targets is another method attackers use to increase the likelihood that their activity succeeds. Whaling has also become more popular with attackers because it doesn’t require as much technical skill as other cyber attack methods, yet it can offer huge returns if successful.

