Contributor(s): Sharon Shea

Whaling is a type of fraud that targets high-profile end users such as C-level corporate executives, politicians and celebrities.

As with any phishing endeavor, the goal of whaling is to trick someone into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. The attacker may send his target an email that appears as if it's from a trusted source or lure the target to a website that has been created especially for the attack. Whaling emails and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources. 

The term whaling is a play-on-words because an important person may also be referred to as a "big fish." In gambling, for examples, whales describe high-stakes rollers who are given special VIP treatment.

Due to their focused nature, whaling attacks are often harder to detect than standard phishing attacks. In the enterprise, security administrators can help prevent success whaling expeditions by encouraging corporate management staff to undergo information security awareness training.

See also: spear phishing

This was last updated in February 2014

Continue Reading About whaling

Dig Deeper on Email and messaging threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.


File Extensions and File Formats