What is a Whaling attack?
A whaling attack, also known as a whale phishing attack, is a type of phishing attack that targets wealthy, prominent, and high-profile individuals such as CEOs, CFOs, and senior or high-level executives.
How does it work?
Whaling attacks go after high-profile individuals because they are likely to have access to more confidential data, intellectual property, and other sensitive information.
Due to their highly targeted nature, whaling attacks are often more difficult to detect than standard phishing attacks. This is because the sender's email address and the links used in the email are crafted to look legitimate.
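Because the sender address is made to look legitimate, a mail filter can check it mechanically rather than by eye. The following is an added example, not part of the original article: a Python sketch that flags sender-related warning signs in a raw message. The domain `example.com`, the executive names, the signal labels and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"            # assumption: the organization's real mail domain
EXECUTIVES = {"jane doe", "sam lee"}  # assumption: executives likely to be impersonated

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Return (display name, lower-cased domain) from an address header."""
    name, addr = parseaddr(header_value or "")
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def whaling_signals(raw_message):
    """List the sender-related warning signs found in one raw message."""
    msg = message_from_string(raw_message)
    name, domain = domain_of(msg.get("From"))
    _, reply_domain = domain_of(msg.get("Reply-To"))
    external = domain != ORG_DOMAIN
    signals = []
    if external and edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike-domain")          # e.g. examp1e.com
    if external and name in EXECUTIVES:
        signals.append("executive-name-external-sender")
    if reply_domain and reply_domain != domain:
        signals.append("reply-to-mismatch")         # replies go elsewhere
    return signals

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Jane Doe" <jane.doe@examp1e.com>\n'
           'Reply-To: jane.doe@mailbox.test\n'
           'Subject: Payroll data needed today\n\nPlease send it over.\n')
GENUINE = ('From: "Jane Doe" <jane.doe@example.com>\n'
           'Subject: Board agenda\n\nAgenda attached.\n')

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, whaling_signals(raw))
```

These checks cover only the sender headers; they do not inspect links in the body.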
Examples of a whaling attack
Example 1 - Snapchat fell victim to a whaling attack
In 2016, the payroll department at Snapchat received a whaling email that purported to come from the CEO asking for employee payroll information. In response to the email, the payroll staff disclosed all of the company’s payroll data to a scammer.
Example 2 - Mattel lost $3 million in a whaling attack
Toy giant Mattel lost over $3 million after a senior finance executive fell victim to a whaling email attack. The email purported to come from the new CEO and requested a wire transfer.
Example 3 - Seagate suffered a whaling attack
Another similar incident happened in March 2016, when an executive at Seagate responded to a whaling email that requested the W-2 forms for all current and former employees. The incident resulted in a breach of income tax data for nearly 10,000 Seagate employees.
How to defend against whaling attacks?