whaling

Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.

Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.

As with any phishing endeavor, the goal of whaling is to trick someone into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. The attacker may send his target an email that appears as if it's from a trusted source or lure the target to a website that has been created especially for the attack. Whaling emails and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources. 

The term whaling is a play-on-words because an important person may also be referred to as a "big fish." In gambling, for examples, whales describe high-stakes rollers who are given special VIP treatment.

Due to their focused nature, whaling attacks are often harder to detect than standard phishing attacks. In the enterprise, security administrators can help prevent success whaling expeditions by encouraging corporate management staff to undergo information security awareness training.

See also: spear phishing

This was first published in February 2014

Continue Reading About whaling

Glossary

'whaling' is part of the:

View All Definitions

Dig deeper on Email and Messaging Threats (spam, phishing, instant messaging)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close