Whaling

What is Whaling?

Whaling is a type of spear-phishing (targeted email) attack aimed at high-level victims, such as corporate leadership. A hacker will pose as a member of leadership and send phony emails to employees within the organization in an attempt to steal proprietary information or money, since employees tend to be less likely to question a request coming from leadership. Human Resources and Accounting teams are often targeted because of their access to sensitive data.

How to Recognize This Threat: Look for unusual requests made via email, such as requests to transfer funds or provide sensitive information, that fall outside of normal protocol. Some whaling attacks may also use email addresses that differ slightly from the real ones or include a link that points outside the organization.

How to Prevent This Threat: Train employees to look for the signs of an attack and develop protocols for any release of sensitive information. Ensure executives keep personal information such as social media accounts private so that hackers cannot pose as them as easily. Email security tools can flag messages that come from outside the organization while also monitoring for suspicious language, links, or attachments in emails.
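The checks described above (external sender, a sender address that is slightly off, suspicious request language, links outside the organization) can be sketched as a small mail filter. This is an added example, not part of the original page; the domain `corp.example`, the executive name, the request terms and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
import re

ORG_DOMAIN = "corp.example"    # assumption: the organization's mail domain
EXECUTIVES = {"jane doe"}      # assumption: display names of leadership
REQUEST_TERMS = ("transfer funds", "wire transfer", "payroll records")  # illustrative

# Constructed sample messages (not real mail).
SAMPLE_SPOOF = ("From: Jane Doe <jane.doe@c0rp.example>\nTo: ap@corp.example\n"
                "Subject: Urgent\n\nPlease transfer funds today: https://pay.c0rp.example/invoice\n")
SAMPLE_INTERNAL = ("From: Sam Lee <sam.lee@corp.example>\nTo: hr@corp.example\n"
                   "Subject: Agenda\n\nAgenda is at https://intranet.corp.example/agenda\n")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def whaling_flags(raw):
    """Return the list of warning flags raised by one raw email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    flags = []
    if domain != ORG_DOMAIN:
        flags.append("external-sender")
        if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
            flags.append("lookalike-domain")      # address differs slightly from the real one
        if name.strip().lower() in EXECUTIVES:
            flags.append("executive-name-external-address")
    if any(term in body.lower() for term in REQUEST_TERMS):
        flags.append("sensitive-request")
    for url in re.findall(r"https?://[^\s>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if host != ORG_DOMAIN and not host.endswith("." + ORG_DOMAIN):
            flags.append("external-link")
            break
    return flags

if __name__ == "__main__":
    for sample in (SAMPLE_SPOOF, SAMPLE_INTERNAL):
        print(whaling_flags(sample))
```

Flags like these are a prompt for out-of-band verification under the organization's release protocol, not a verdict on their own.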