Phishing vs whaling

If you’ve done your research on cyber attacks, you probably know what cyber phishing means. But what about whaling? In this article, we will tell you what a whaling cyber attack is and how it is different from a typical phishing attack.

What is whaling in cybersecurity?

Whaling is a type of phishing attack that hackers use to get access to information, networks, etc. As you might already know, phishing attacks are usually broad, large-scale cyberattacks in which hackers target a large number of users without any specific target in mind. Spear phishing is a more specific type of attack where hackers have a specific person or group of people in mind as targets and they adjust their attack methods (such as the content of a spear-phishing email) accordingly. Finally, whaling attacks are a subset of spear-phishing scams. Hackers that place whaling emails, phone calls, etc. try to impersonate specific high-level individuals within a given company. Whaling typically involves a lot of research and hackers carefully craft emails to include specific information involving the impersonated “sender” of the email.

How to protect my company from whaling attacks?

Social engineering and phishing attacks make up the largest part of all cybersecurity attacks for one simple reason – they work. People are the weakest link in any organization, which is why it is so important to train your employees to recognize whaling and phishing attempts and other social engineering strategies used by scammers. A great method of whaling attack prevention is regular employee testing via simulated phishing attacks.

Generally, all employees should be instructed to double-check email addresses, keep an eye out for mistakes and typos in emails, be especially vigilant about emails that request urgent action, etc. It’s also a good idea to adopt authentication policies and guidelines that users have to follow before transferring any money. For instance, if someone sends an email requesting for a payment to be wired, the employee can be required to make a phone call to the sender of the email to verify the request.

Frequently asked questions about whaling cyber attacks

Who is typically impersonated in whaling scams?

Scammers who carry out whaling attacks usually impersonate high-ranking individuals in a particular company. This can be COO, CEO, CFO, department heads and other individuals who are in charge of people and have the authority to make financial and other decisions.

Who are the typical targets of whaling attacks?

It is very common for scammers who run whaling attacks to target people who work in the financial department of a given company or employees in shipping companies and those who are in charge of vendor relations and payments.

What is an example of a whaling attack?

A well-known whaling attack happened at Snapchat when a hacker emailed one of the employees asking for payroll information while impersonating the CEO of the company. The employee handed over the information, which was soon released publically by the hacker.

Contact us