What Is a Whaling Attack? [Definitions and Ways to Prevent]

Submitted by Erica Kastner on Fri, 09/ 21/ 18 - 12: 04 PM

What Is a Whaling Attack


Whaling is a common term used to describe the hunting of whales for the oil that their blubber produces. In Las Vegas, the term "whale" is used to describe gamblers who are prepared to bet large sums of money at the casinos. When it comes to cyber threats, whaling attacks pose a unique risk to business executives. Keep reading to learn what whaling attacks are and how you can prevent it.

What is a Whaling Attack?

What Is Whaling AttackWhaling attacks are a form of social engineering that targets "whales", or business owners and C-level employees (CEO, CFO, etc.), through the use of various phishing techniques

While the term whaling refers to the type of victim that's targeted, phishing is the method used to carry out a whaling attack. Phishing, a form of social engineering, involves fraudulently attempting to gain access to a victim's personal accounts by tricking them into providing personal information or clicking on a malware link.

The most common phishing technique, which is heavily used to carry out whaling attacks, takes place over email.

For instance, imagine receiving an email that looks like it's from your bank telling you that you need to click a link to log into your account right now to address some errors or you're temporarily lose access to your account.

In reality, this email is from a hacker pretending to be your bank, and instead of leading to your banking website, when you click the link you actually download malware onto your computer, which gives a hacker a backdoor into your network and all your personal accounts.

These attacks purposely instill a sense of fear and urgency in victims so they act quickly without thinking. In the scenario above, threatening the suspension of bank account access without immediate action instills both.

C-level employees and owners are great targets because they often have tremendous amounts of sensitive data stored in accounts such as their email. An executive's email can contain data such as logins to company accounts, for instance HR management systems.

If a hacker gains access to your HR platform, they can view employee Social Security numbers. Imagine all the other platforms an executive may have access to that could put an entire company's privacy at risk and then you'll see why hackers love to target executives.

What Can Be Done?

By recognizing the unique threat that a whaling attack poses, businesses can take steps to secure not only an executive's account, but the entire company's network as well. Expansive protection is necessary because all it takes is one weak link for a company's data to be breached.

So, what can be done?

For some quick tips on avoiding email phishing attempts, check out the graphic below.

Whaling Attack

If your company doesn't have the resources to hold cyber security education seminars or effectively manage your network security in-house, consider managed IT services.

Besides educating employees about cyber security, a managed service provider (MSP) takes security a step further by analyzing your network infrastructure for weak spots, installing various layers of hardware and software, and addressing any threats that pop up.

Companies need to be diligent about implementing policies to prevent whaling attacks, because one wrong click could send your company out of business.

Want to Learn More?

5 Common Social Engineering Tactics
What is Social Engineering? Types, Tips, and Prevention
How Does Ransomware Work?
Social Engineering Techniques and Ways to Protect Your Network

Get Your Questions Answered Now


Posted by Erica Kastner


whaling social engineering, cyber security