Whaling (CEO Fraud)

Compared to spear phishing attacks, whaling attacks are drastically more targeted.

Whaling attacks go after individuals in an organization such as the chief executive officer or chief financial officer of a company.

One of the most common goals of whaling attacks is to manipulate the victim into wiring large sums of money to the attacker.

Similar to regular phishing in that the attack is in the form of an email, whaling may use company logos and similar addresses to disguise themselves.

In some instances, the attacker will impersonate the CEO and use that persona to convince another employee to reveal financial data or transfer money to the attacker’s account.

Since employees are less likely to refuse a request from somebody higher up, these attacks are much more devious.

Attackers will often spend more time crafting a whaling attack because they tend to pay off better.

The name “whaling” refers to the fact that targets have more financial power (CEO’s).