What is whaling?

Whaling is a heavily targeted phishing attack in which an attacker attempts to phish a high ranking official, often chief executives. These social engineering cyber-attacks contain information that is highly personalized to the intended target to encourage them to click a link that will download malware, transfer funds to the attacker, or share details that can facilitate further attacks. The effects of a successful whaling attack can be devastating, including data loss, financial loss, and reputational damage.

Attackers commonly launch whaling attacks by impersonating other chief executives, trusted contacts in the supply chain, or legitimate services. With seemingly credible personas, the malicious actors communicate with their targets, high ranking officials of an organization, using appropriate business language and manufactured urgency. To further lend credence to a whaling email, some attackers will even call their targets on the phone.

Whaling: Whaling is a specific form of phishing attack that is used to gain access to networks and information by targeting high ranking members of an organization.  

CEO fraud: CEO fraud involves attackers’ impersonating high-ranking executives to solicit information from other members of the organization, whereas whaling involves attackers’ targeting high-ranking executives.  

Phishing: Phishing is the process of sending fraudulent emails while posing as a legitimate sender to convince people to reveal sensitive information such as passwords, social security numbers, bank account information, and more. Phishing typically refers to an attempted cyber-attack on a wider audience, sending fraudulent emails in masses. In contrast, spear phishing and whaling are more targeted forms of phishing, with more concentrated attack efforts.

Spear phishing: Spear phishing is a type of phishing cyber-attack that targets a specific individual or organization rather than a broad audience.  

While spear phishing and whaling are both more specific forms of phishing, whaling specifically targets high ranking officials in an organization.  

Spoofed sender: It is possible to receive an email from a known or trusted sender, but the email’s sender credentials are spoofed. This means that the sender is illegitimate. If you are receiving a message that seems out of context or unusual, always check the sender’s credentials to ensure that they are a legitimate recipient.  

Unusual request: Cyber-attackers can research an organization to find readily available information to construct highly sophisticated emails masking as a legitimate and well-informed sender. If an organization openly interacts with partners, they should be aware that cyber-attackers can use this information to construct sophisticated whaling attacks.

Urgency: A whaling message will contain a sense of urgency that requires the recipient to take immediate action. Attackers do this in hopes that the sense of urgency will result in an impulsive decision from the victim and distract them from verifying the sender’s credentials before sending them sensitive information.

Whaling can be a particularly difficult cyber-attack to defend against. Since these attacks are made specifically for each target, they are novel every time and therefore have the potential to bypass traditional security systems that only defend against known attacks.  

To stop whaling attacks from reaching email inboxes, advanced security solutions like Darktrace/Email™ understand user behavior to identify deviations from normal business activity. This means that even novel attacks and social engineering attacks without obvious spelling errors or poor grammar will still be recognized. When a particular user behaves abnormally, like receiving an email from an unknown sender or sending atypical information, Darktrace can alert the security team and stop this user from causing further harm.