Whaling Attacks

We recently came across the term “whaling” so of course, we needed to know more about it. Here is what the Victor crew found out. It is a form of phishing aimed at high-profile business executives, managers, CEOs, etc. They are going after the “big fish.” The emails sent to them are more official looking and target a particular person. A regular phishing attack usually goes out to a lot of people trying to lure anyone. Whaling is also considered “spear phishing” where it is an attempt to target an individual person or company.

As with phishing, whaling is used to get a person to reveal sensitive information, such as login credentials, to an account. They do this by trying to scare the individual into giving this information up.

Whaling goes so far as to make a web page or email that looks like the legitimate one. You may even be enticed into downloading a program in order to view a page or to get your information. It may come in the form of a false subpoena, message from the FBI, or some kind of legal complaint against you.

Be aware of what you are clicking. If you can, hover over the link and see where it is taking you. Try putting the URL in an analyzer, such as VirusTotal or TrendMicro to see if it is safe. If in doubt, don’t click or download anything you are unsure of.