What is Whaling?
Also known as a CEO attack, Whaling is a phishing attack on a high-ranked individual at an organization through social engineering. It occurs when a cybercriminal masquerading as a senior player or a trusted entity directly attacks an important person of a company using phishing tactics such as email or website spoofing. The goal: to steal sensitive information or gain access to login credentials that give the attacker a master key to the company’s intellectual property, consumer data, or other confidential information. In many cases, the desired outcome is solely money transfer. Like all phishing attacks, the success of a whaling attack is hinged on compelling the target to reveal the important message, mostly under the guise of some urgency. The pool of potential targets for whaling at an organization is limited, but the stakes are much higher. Cybercriminals tend to attack key individuals such as C-level executives - chief-executive officer, chief financial officer – or media spokespersons, as they have more access to internal information, and in most cases, administrative privileges.
The whaling tactics used by the cybercriminals are more sophisticated and advanced and use a form of social engineering to coerce the target to perform a secondary action. The attacks are perfectly crafted with a solid understanding of business language and tone and convey a sense of urgency that compels a target to act quickly, defying the standard business security protocols. The attacker knows that the deadlines or a strict email won’t do purpose, so they exploit fears like legal action against or reputational harm to the organization. The whaling email may include the personal information of the targeted individual or organization to win over their trust. The preferable objectives of a whaling attack entail clicking on an unprotected link, opening an attachment that may infect or hack the system, or sending the target individual to another malicious website, impersonating as an original one.
The threat of whaling is ever-increasing and it can be mitigated by educating the key individuals of an organization to always be on guard for such attacks. They should always keep a high level of suspicion while dealing with contacts involving important transactions. The first question they should ask whether or not they were expecting such an email, attachment, or link – common whaling tactics and don’t act hastily – no matter the consequences. After all, a successful whaling attack requires the target to perform an action.
Touchless, contactless, passwordless 2FA with continuous authentication. One key for all your passwords. Experience fully automated login and security. Instant 2FA, auto-OTP, password manager and worry-free workflow with proximity-based privileged access management for Windows 10, 8, 7, macOS, desktop applications, and websites.