What is whaling attack? Cyber awareness in phishing

Anton P. | June 01, 2020

A whaling attack is a phishing attempt targeting high-ranking people like CEOs, executives, or politicians. It tries to gain sensitive information or trick people into making wire transfers to scammers’ accounts. 

So, whaling creates more targeted phishing emails, likely with many background details about victims. Scammers try to pose as senior or other influential people in institutions. Then, lower-level employees might feel uncomfortable questioning or refusing their requests. 

This article shows how whaling attacks work and ways to recognize fraudulent emails, SMS messages, or calls.

What is a whaling attack?

A whaling attack imitates high-ranking individuals and tricks employees into revealing valuable, confidential information. 

  • Criminals use a whaling attack to impersonate senior management: CEO, CFO, or other high-level executives. 
  • They carefully select their victims according to their status and access to sensitive data.
  • Scammers use fraudulent emails that appear to be from a trusted source. 
  • They apply social engineering to trick individuals into revealing confidential data, making wire transfers, or trading organizational secrets. 

Example of how a whaling attack works

One of the most common whaling phishing attacks is the CEO email scam. It means that fraudsters send emails to employees under the name of their CEO. Snapchat had fallen victim to this fraud, handing over employee payroll information. 

However, it is possible to determine the steps scammers take to pursue whaling attacks: 

  • Criminals gather information via the company’s social media pages and employee profiles on Facebook, Twitter, or LinkedIn. 
  • They can engage with the organization via emails to understand how they structure their letters and signatures. Hence, they find out important details such as job titles and names of colleagues.
  • Attackers choose which executive to impersonate and which employees to target.
  • The victims likely have higher job titles, like those involved in financial affairs. 
  • Fraudulent emails sent likely imitate official emails. That means having the same fonts, structure, phone numbers, and signatures. They can also spoof email addresses
  • A whaling attack could be a request to send money to criminals’ accounts or reveal sensitive data. 
  • In other cases, emails could contain malicious links or attachments for infecting systems with malware.

Because a whaling attack is so tricky and challenging to identify, many organizations have become victims in recent years. In most cases, it comes down to a lack of employee training. 

Consequences of whaling attacks 

Such spear phishing attacks can have different effects on targeted companies. However, here are the most common consequences:

Financial losses 

Most whaling attacks are after monetary gain. Thus, many fraudulent emails or calls will focus on tricking employees into wiring money. As a result, scammers likely target people from finance departments. 

Loss of insider information

Whaling can also come after corporate information. That might include payroll information, partners, investors, or future product strategies. Thus, companies that fall victim to this phishing could reveal highly sensitive information. 

Loss of reputation 

Phishing might be a way to spark controversy by exposing risky details about organizations. It could involve shady dealings or other information the public might be displeased about. 

If a whaling attack leads to a data breach, it could expose how unprepared a company was. For instance, leaked users’ information could lack many security measures, like password salting

Loss of data 

Some whaling attacks could aim to disrupt services by infecting their systems with malware. As a result, it could lead to data breaches of consumer information, passwords, bank details, and more. 

How whaling attacks change 

Like most phishing strategies improve over time. Thus, whaling attacks have also started using more sophisticated tactics. 

  • After sending fraudulent emails, scammers follow up with phone calls. 
  • Thanks to supply chain attacks, whaling can impersonate partners or investors. 
  • Social media platforms like LinkedIn have become extensive sources of information about executives. Furthermore, phishing via social media has also increased significantly. 
  • Email cloning also allows scammers to copy official emails and resend them with malicious elements (like attachments). Typically, the most popular infected documents are PDF or Microsoft Office files. 

Preventing whaling attacks

Hunting whales takes a different meaning in the cyber world. In this case, a whale is an executive, or high-ranking official scammers choose to imitate. 

Thus, whaling attacks are usually the most dangerous to companies. However, organizations might have strict rules when it comes to their employees. 

Therefore, employees that fall for phishing strategies could face firing or other consequences. So, here is how companies and employees can unite to protect themselves against this fraud. 

Practice and enforce good email hygiene

It is best to question every sudden request. Don’t click on suspicious links or attachments – hover over them without clicking to reveal the full URL beforehand. 

Carefully look at email addresses and sender names. Also, check the email for any grammatical mistakes or other weird elements.

Anti-phishing and cyber attack training

Employees should undergo regular cybersecurity training. It should involve potential attacks, fraud strategies, and common mistakes. However, employees should be vigilant independently and question emails that seem suspicious. 

Create or follow protocols

Establish a verification process for important tasks. Before making a money transfer or revealing sensitive information, contact the sender to confirm the request’s legitimacy. However, it is best to use a different communication method like Slack to contact the person. 

Mark external emails

Flagging external emails can notify you that the sender is not who they claim to be. Furthermore, report suspicious emails to your security teams so they can take appropriate action.

Limited access to data

Employees should have access only to the data essential to their tasks. This strategy minimizes the dangers of malware spreading across departments. However, it also means that employees with higher access privileges will get targeted more. 

Implement data protection

Even though the success of whaling emails depends on human error, using cybersecurity tools is crucial. 

Firewalls, intrusion detection software, and antivirus software are necessary to detect, analyze, and prevent threats from causing severe damage. 

Additionally, VPNs can secure your connection and disrupt cyber criminals’ plans to collect information about you. As a result, they won’t be able to misuse it for phishing or whaling scams.

Browse safely & anonymously with a VPN

Browse safely & anonymously with a VPN

Encrypt your internet traffic and defend against online snooping, hackers, governments, or ISPs.
Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.


whaling attack

© 2024 Atlas VPN. All rights reserved.