what is whale phishing

Whale phishing is a highly targeted form of phishing attack that is aimed at high-profile individuals, such as senior executives. The fraudulent communications sent to these individuals appear to have come from someone senior or influential at their organization, such as the CEO or finance manager. Cybercriminals use significant research that utilizes openly available resources such as social media to craft a bespoke approach thats tailored for those target individuals. The goal of a whaling attack is to coerce the recipient into taking an unwanted action, such as triggering a wire transfer, clicking on a link or opening an attachment that installs malware or sends the target to a malicious website impersonating one that's legitimate. Due to their highly targeted nature, whaling attacks are often more difficult to detect and prevent than standard phishing attacks. To reduce the effectiveness of whaling attacks, security administrators can encourage corporate management staff to undergo information security awareness training.