

Whaling definition

Whaling is a type of social engineering phishing attack that targets specific high-ranking employees. While phishing attacks are often generic and may be aimed at anyone, whaling requires a lot of research. The goal is to successfully impersonate a senior executive, either to get paid or to steal extremely sensitive information that could be used for ransom or sold for a huge profit. The attack relies on the idea that a direct order from your boss's boss will make you panic, drop your guard, and perform the action (like transferring a large sum of money) without thinking.

Real-life whaling examples

  • In 2016, Seagate’s HR department received an email from a scammer impersonating the company’s CEO. They sent the requested data, leaking the personal details of about 10,000 employees.
  • In 2016, Austrian plane company FACC lost 56 million dollars to whalers. Its CEO and CFO lost their positions as a result of the attack.

How to prevent whaling

  • Contact the person by phone or in person if you suspect a message from them might be fake.
  • Get into the habit of checking emails for clues that they may be fake — at least inspect the sender’s email address.
  • Limit how much of your employee data is available online so it’s more difficult to impersonate them.
