{"id":541,"date":"2023-04-12T08:28:21","date_gmt":"2023-04-12T08:28:21","guid":{"rendered":"https:\/\/dataprot.net\/?p=541"},"modified":"2023-07-14T07:51:30","modified_gmt":"2023-07-14T07:51:30","slug":"what-is-whaling","status":"publish","type":"post","link":"https:\/\/dataprot.net\/articles\/what-is-whaling\/","title":{"rendered":"Whaling Explained: A Cyberattack Targeting High-Profile Individuals"},"content":{"rendered":"\n
We\u2019ve all been contacted by a \u201cNigerian prince\u201d or gotten a message from an unknown number or email address claiming to be a relative or friend and asking for help out of a tight spot. Online scammers are everywhere, doing everything they can to get money and information fast.<\/p>\n\n\n\n
You might imagine a regular person falling for that kind of phishing attack, but what would it take to con a CEO? Conning a high-profile individual is called whaling<\/strong>. \u201cWhat is whaling,\u201d you might ask? We\u2019ll explore it further in the article below.<\/p>\n\n\n\n Catching the big fish is the dream most fishing enthusiasts share. Sometimes they need the sustenance it provides, but mostly they just want a nice trophy. The online world is filled with nautical terminology, so let\u2019s break it down one by one:<\/p>\n\n\n\n This type of cyberattack uses email, SMS (\u201csmishing\u201d), or any other direct messaging system to trick the target into sending money or confidential information. The key factor is that it does not target anyone specifically; the email is simply sent to several random recipients in the hope that some of them will fall for the trick.<\/p>\n\n\n\n The tools are the same as in phishing; the key factor here is that the scammer chooses their targets based on a specific goal and plans accordingly.<\/p>\n\n\n\n Very similar to spear-phishing, it is a type of online scam that specifically targets high-profile individuals in society or within a company. This is why it\u2019s also known as executive phishing<\/em>. Unlike CEO fraud or BEC <\/em>(Business Email Compromise<\/em>) attacks, with which it is often confused, whaling specifically targets CEOs and other C-suite executives who can provide the big pay-off.<\/p>\n\n\n\n With all of this in mind, it is also possible for a scammer to carry out both kinds of attack on the same company by first whaling<\/em> the CEO for the money and the information they have and later using that same information to phish<\/em> for funds from the lower-tier employees.<\/p>\n\n\n\n It\u2019s quite simple, really. 
The scammer takes on the role of the whaler<\/em>, usually impersonating an assistant reminding the CEO of some \u201cmissing payment,\u201d or a partner in the organization who is \u201cmissing some funds or information.\u201d The point of whaling is to acquire resources or conduct corporate espionage, but it can also be inspired by a personal vendetta, a desire for control, and many other motives.<\/p>\n\n\n\n In these cyberattacks, victims may also be asked to click on a link sent to them through a whaling email (computer whaling) or an SMS that will lead them to a spoofed website that can steal data or infect the user\u2019s device with malware.<\/p>\n\n\n\n Whalers will ask the target to share sensitive data such as payroll information, tax returns, or bank account numbers. Victims may also be asked to authorize a wire transfer to a bank account that turns out to be fraudulent. To make the email seem more legitimate, attackers sometimes also accompany it with a phone call to reinforce the attack.<\/p>\n\n\n\nWhat Is the Meaning of Whaling?<\/h2>\n\n\n\n
\n
\n
\n
What Is the Point of Whaling and How Does It Work?<\/h2>\n\n\n\n