What Is a Whaling or Whale Phishing Attack Online?

An online phishing attack typically involves a scammer attempting to impersonate a service you use in a bid to get credentials or money out of you. Another more targeted and potentially more lucrative version of this scam is called whaling or whale phishing.

Whale Phishing Targets Businesses and Organizations

The biggest difference between a standard phishing attack and a whale phishing attack is how the scammer targets victims. While phishing attacks are sent out to hundreds or thousands of people at a time, whale phishing attacks are often far more targeted.

A whale phishing attack may target a single individual within a business using information garnered from within that organization. Scammers will put in more research to dupe their targets, which may involve studying hierarchies and company info online, or getting information from within the company itself.

For example, a scammer will usually pose as a high-level member of staff. This could be a manager or technician, or it could be the CEO or owner. Picking a figure of authority is crucial for the scam to work since the target (often a lower-level employee) is more likely to fulfill a request without questioning it.

So in one scenario, a scammer may pose as a senior account manager, drawing an employee’s attention to an invoice that needs to be paid. The email may contain a link to an external website that is used to steal login credentials, or contain instructions to make a payment to…

