Whaling attacks are directed at senior administration, executives, CEOs, etc. This practice is intended to trick users at the top of an organization into giving up highly privileged information.
Whaling tactics may include the use of compromised or spoofed emails from a colleague, co-worker, or a client.
Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, for example, initiating a transfer of funds. Whaling is particularly damaging because of the high-ranking individuals that the attack targets. A successful whaling attack can be devastating to an organization.
What's the worst that could happen?
"Ask Snapchat, who fell victim to a whaling attack in 2016. An HR rep in the social media giant’s organization forked over payroll data that revealed the personal information of several employees, including stock option data and everything listed on their W-2’s.Barely a month later, a finance exec at Mattel wired $3 million to a Chinese bank after getting email instructions from “the new CEO”. Those scams might even be considered small potatoes compared to some larger-scale attacks that have cost companies tens of millions of dollars. Even worse, they lost a lot of consumer confidence as a result of being so easily compromised."