Do you have a high position in your company? Then you might become a target of ‘whaling’. Criminals know that there is potentially more money to be made from you, because of your position within the company. What can you do to prevent such attacks and how can you further protect yourself? Read it in our article below!

What is whaling?

Whaling is a term used to describe a highly targeted and sophisticated form of cybercrime that specifically targets high-level executives and prominent individuals within organisations. Whaling is also known as CEO fraud or executive impersonation and is a type of phishing attack that sets itself apart from traditional phishing attempts. While regular phishing attacks cast a wide net, hoping to trick as many victims as possible, whaling takes a more focused approach. It aims to deceive and manipulate key individuals who hold significant authority or have access to valuable information.

Thus this type of attack is a form of spear phishing in which criminals mainly target one or more people in high positions. The attack is therefore often personalised and comes across as reliable. People with a high function within an organisation should always be extra alert on the emails they receive.

The term whaling here refers to a “whale”, or a person with great influence or interests. The potential financial gain is therefore greater.

Why is whaling dangerous?

It is essential to differentiate whaling attacks from other types of phishing attempts. While regular phishing emails may be more generic and less targeted, whaling attacks are customized to exploit the specific roles and responsibilities of high-profile individuals. By understanding the distinct nature of whaling attacks, organizations can better equip themselves to identify and mitigate these risks effectively.

In the face of this targeted and sophisticated cyber threat, it becomes paramount for individuals and organisations to prioritise security awareness, implement robust cybersecurity measures, and foster a culture of vigilance.

In 2016 Snapchat became a target of a whaling attack. An attacker impersonated the company’s CEO and sent an email to an employee in the payroll department, requesting confidential employee information. Unfortunately, the employee fell for the deception and unknowingly provided the sensitive data to the attacker. This incident highlighted the potential risks of whaling attacks in compromising sensitive employee information.

How does whaling work?


Attackers orchestrating whaling attacks often begin by conducting extensive reconnaissance on their intended targets. They meticulously gather information from public sources, social media profiles, and company websites to gain insights into the targeted individual’s role, responsibilities, and connections within the organisation.


Armed with this knowledge, the cybercriminals craft personalised messages that appear legitimate and urgently require the target’s attention. They skillfully manipulate the trust and authority associated with high-level executives or prominent individuals to enhance the credibility of their messages.

One common technique employed in whaling attacks is email spoofing. Attackers forge the email address or domain to make it appear as if the email is originating from a trusted source within the organisation. This deceptive tactic increases the likelihood of the victim falling prey to the scam.

Social engineering

In addition to impersonation, social engineering plays a pivotal role in the success of whaling attacks. Attackers exploit various psychological tactics to create a sense of urgency or fear, compelling the target to bypass normal security protocols or disclose sensitive information. These social engineering methods can include invoking the authority of the executive, instilling a sense of importance, or capitalising on the target’s desire to be helpful and responsive.

To further enhance their chances of success, whaling attackers may employ techniques such as business email compromise (BEC) or spear phishing. BEC involves compromising legitimate email accounts or using look-alike domains to deceive recipients into believing the communication is legitimate. Spear phishing, on the other hand, involves crafting highly targeted emails with customized content that relates to the individual’s position or current activities, increasing the likelihood of engagement.

The goal of a whaling attack

The ultimate goal of whaling attacks is to deceive victims into divulging sensitive information, such as login credentials, financial data, or confidential company information. Once the attackers gain access to this information, they can exploit it for various malicious purposes, including unauthorised access, identity theft, or even launching further attacks within the organisation.

How to recognise an attack?

Detecting a potential whaling attack requires a keen eye for suspicious patterns and a cautious approach to digital interactions. By recognizing the signs and red flags associated with these targeted cyber threats, individuals and organizations can act swiftly to protect themselves from falling victim to whaling attacks.

  • Urgency: Whaling attacks often rely on creating a sense of urgency to bypass normal security protocols. Be wary of emails or messages that demand immediate action, claim to involve sensitive matters, or pressure you to bypass standard procedures.
  • Spoofing: Pay close attention to the sender’s email address and domain. Whaling attackers may forge these details to mimic legitimate addresses, using slight variations or look-alike domains. Check for inconsistencies, misspellings, or unusual characters that may indicate a fraudulent attempt.
  • Impersonation of High-Level Executives: Whaling attacks rely on impersonating individuals in positions of authority or influence within an organisation. Watch for emails or messages claiming to come from CEOs, CFOs, or other high-ranking executives, especially when they deviate from typical communication patterns.
  • Unfamiliar requests: Exercise caution when receiving unusual requests, particularly those involving sensitive information or financial transactions. Be skeptical if the request asks for confidential data, login credentials, or funds without a valid reason or proper verification.
  • Language usage: Whaling attackers may exhibit language inconsistencies, grammatical errors, or awkward phrasing in their messages. These can serve as warning signs, as legitimate communications from high-level executives often adhere to professional language standards.
  • Attachments: Be cautious of emails containing unexpected attachments, especially if they prompt you to enable macros or execute potentially harmful actions. Malicious attachments can deliver malware or initiate unauthorised access attempts.
  • Payment instructions: Whaling attacks may target financial transactions by providing altered or fraudulent payment instructions. Verify any changes to payment details through established communication channels before proceeding.

How do I protect my organisation against whaling?

Although, as with other forms of phishing, you cannot protect yourself completely against whaling, you can apply a number of best practices as an organisation.

Create awareness within your organisation

The first step in defending against any form of cyber threat is to create awareness within your organisation. By means of cyber security awareness training, you can train members of your organisation to recognise the various forms of threat.

Be careful with social media

Every employee, but for whaling, this mainly concerns high-ranking employees, should be careful when posting and sharing information on social media sites such as Facebook, Twitter, and LinkedIn. Cybercriminals can use information such as birthdays, job titles, promotions, and contacts to build more complex attacks.

Consider changing company policy

Trust is good, control is better. Consider, for example, always having payments above a certain amount authorised by two people instead of one.

In addition, an extra layer of verification can be added to a process. For example, when carrying out important or sensitive transactions, you can have a face-to-face meeting or telephone call for verification.

FAQ about Whaling

What is the difference between whaling and phishing?

Whaling is a more targeted form of phishing that focuses on high-level executives or prominent individuals within organisations. While regular phishing attacks cast a wider net, attempting to deceive a larger number of individuals, whaling attacks are tailored and personalised to exploit the specific roles and responsibilities of key individuals.

Can technology alone prevent whaling attacks?

While technology plays a crucial role in mitigating whaling attacks, it is not sufficient on its own. Whaling attacks often exploit human psychology and trust, making it essential to combine technology with employee education and awareness.