What is whaling in cyber security?


Whaling is an old-fashioned term used in cybersecurity. It refers to a type of phishing attack that targets high-level executives and other high-profile individuals. The goal is obtaining sensitive information or assets.

Whaling differs from other types of phishing (or spear phishing) because it can be extremely hard to detect. It is also more costly for victims than other kinds of attacks. It requires extensive research on the part of attackers and involves targeting specific people at companies who have access to valuable data or resources.

Whaling typically follows a targeted approach. This means that whalers choose their targets based on factors like title, company size, location, and industry sector. The attackers will sometimes even contact the target before deploying an attack.

Whaling and phishing attacks are similar.

Both whaling and phishing attacks involve sending emails to specific people. The goal of both is to trick the recipient into clicking on a link or opening an attachment that contains malware that can be used to steal information from the victim’s computer or bank account.

Both whaling and phishing are examples of social engineering, a type of hacking that uses human psychology to obtain access to sensitive information for malicious purposes. Here’s an example. If someone you’ve only met once asked to borrow your laptop because their own died, would you give them the password? Most likely not! You’d probably say no or ask them why they needed it first. But what if instead it was someone who had just helped you fix your printer earlier today? Would there be any hesitation then? Perhaps not as much, because we tend to trust people who have done us favors over strangers we’ve never interacted with (even though most people are nice!).

Handing over access to your work accounts is never a good idea!

Who is targeted by these attacks?

Whaling attacks are often aimed at high-level executives and employees in a company. This includes, but is not limited to:

  • CEOs
  • CFOs
  • CIOs
  • Directors, vice presidents, and managers of departments such as operations and sales

Those who have access to sensitive information that would be valuable to the attacker in some way are also targeted, because they could contribute to the success of an attack. For example, someone with knowledge of a company’s finances could help an attacker determine which accounts contain large sums of money that can be stolen easily. If the attacker is able to get this information without being noticed by others in the organization (such as during meetings), then it could prevent detection during future attempts as well.


What are the consequences of a whaling attack?

The consequences of a whaling attack can be severe. In addition to identity theft and financial loss, whaling attacks can also damage your reputation and career. Whaling attacks often use collaboration with others to gain access to more personal or sensitive information than an individual would normally give out online, for example passwords or other authentication information that could compromise your accounts at multiple sites. You may also have documents containing sensitive data on your hard drive that could be used for blackmail, with the attacker demanding something in return for not releasing these documents publicly or sharing them with others.

Whaling attacks are serious threats to any business’s security

These attacks can also be used to steal personal information, like your address, phone number, and social security number. They are often targeted at high-ranking employees so that hackers can gain access to company information or even money from their bank accounts.

Whaling attacks are not always easy to spot and may appear legitimate because the emails look like they come from someone you know. If you receive an unexpected email asking for money or sensitive data, don’t click on any links within the message!


Just like other types of phishing, you have to be diligent in your efforts to protect your business. Make sure your employees are trained on cybersecurity. Additionally, it’s important to work with a cyber security consultant to keep an eye on your systems and protect against various types of attacks.

Last Updated: July 5th, 2022