What is Whaling in Cyber Security?

Whaling, or whaling phishing, is a cyber attack that occurs when the attackers utilize “spear phishing” methods to go after large, high-profile targets of companies like senior executives or high-ranking government officials. Since these targets are more likely to have access to confidential information, the stakes can be higher than generic phishing attempts. 

But, because these high-level targets can be savvy to the usual list of spam tactics, the attackers who phish these targets look beyond the same standard tactics to more sophisticated methods. The ultimate goal is to capture sensitive information like credentials that give the attacker a master key to a company’s intellectual property, customer data, or other information they can sell.

Examples of Whaling in Cyber Security

A successful whaling attempt relies on compelling the high-profile target using the guise of some urgency. Scammers writing successful whaling emails know their audience won’t be compelled by just a deadline reminder or a stern email from a superior. They’ll prey upon other fears like legal action or being the subject of reputational harm.

The desired outcome may include coercing the recipient to take an unwanted action like triggering a wire transfer, clicking a link that sends the target to a malicious website, or opening an attachment that installs malware. 

How to Defend Against Whaling Attacks

For executives and other targets of whaling, beware of clicking links or attachments in emails from unrecognized sources. Beyond that, organizations can strengthen their own defenses and educate potential targets by implementing common best practices.

1. Be cautious of the information public-facing employees are sharing about executives. Details that can be found online or at major public events can lend whaling emails the guise of legitimacy.
2. Encourage employees of all levels to verify the veracity of urgent, unexpected messages through other communication channels: talking to the sender in person, calling or texting them. Have executives and senior management lead by example.
3. Implement a multi-faceted phishing training program that can teach key principles to prevent whaling attacks and safely allow employees to put skills to the test.
4. Ensure the appropriate security measures are in place. The most important solutions that you should have as part of your security strategy include antivirus software, a firewall, and email security software.

Protect Against Whaling with PacGenesis

If you are looking for cutting-edge security solutions to help keep your business data safe, PacGenesis is your trusted advisor for finding and implementing the best solutions for your organizations needs. With over 10 years in data security, we partner with and implement best-in-class security systems. Chat with us today to see which option may be best for your company. 
To learn more about PacGenesis, follow @PacGenesis on Facebook, Twitter, and LinkedIn, or visit us at pacgenesis.com.

512-766-8715