What Are Whaling Social Engineering Attacks and Ways to Prevent Them?

Submitted by Daniel Gray on Fri, 09/21/18 - 12:04 PM



In the 17th century, whaling was a common term to describe the hunting of whales for the oil their blubber produced. Today, whaling still exists, but there is a new version of it that has become a common social engineering practice. If you're a business owner or C-level employee, whaling is a very real threat for you.

In Las Vegas, the term "whale" is used to describe gamblers who are prepared to bet large sums (small fortunes, actually) of money at the casinos. They're treated like royalty wherever they stay, as the casinos aim to encourage them to spend as much time on their property as possible.

The more time they spend on-site, the more money the casino stands to make.

What is a Whaling Attempt?

Much like the Vegas example above, whaling is a form of social engineering that targets "whales," or in this case, business owners and C-level employees (CEO, CFO, etc.).

An attacker (usually a hacker) will attempt to gain access to a C-level employee's computer through various phishing techniques.

Phishing tactics are the most common form of cyber social engineering. In phishing, cyber criminals disguise emails as coming from a trusted source (like a financial institution). The email contains malicious links disguised as reputable ones. Once a victim clicks on a link, a virus of some type is uploaded to the victim's computer.

This creates a perfect opportunity for ransomware to be deployed, jeopardizing sensitive information and, at times, costing a business millions (in reputation loss, data loss, and any ransom payout).


C-level employees and owners are great targets for this because they often have tremendous amounts of sensitive data (potentially including their own personal data) that can be very valuable to a hacker.

The most effective part of a phishing attack is that a hacker will usually play the long game, meaning a person who experiences a phishing attack often received the malware months or years prior. This makes it incredibly difficult to find and remove any ransomware.



What Can Be Done?

Whaling is just a term to describe the type of victim a hacker is targeting, but anyone can become a phishing victim. All you need is the internet.

So, what can be done?

A good rule of thumb to use:

If an employee doesn't recognize the source of an email (or doesn't usually receive emails from that source), they shouldn't click on it!

Whales - I mean C-level employees - are people, too. They should be as vigilant as their employees, because one wrong click could put your company out of business.
