What is whaling phishing?

Whaling phishing is a type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company. The term "whaling" comes from the size of the attacks, and the targets are picked based on their authority within the company. Whaling is a highly targeted form of digitally enabled fraud in which the attacker masquerades as the sender of a legitimate email. Like all phishing attacks, a successful whaling attempt against a high-profile target still relies on compelling the target to act, usually under the guise of some urgency. The goal of a whaling attack is to trick an individual into disclosing personal or corporate information through social engineering, email spoofing, and content spoofing. The attackers may send the victim an email that appears to be from a trusted source, and some whaling campaigns include a customized malicious website created especially for the attack. Whaling differs from spear-phishing in that the fraudulent communications appear to have come from someone senior, such as the CEO or finance manager.
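The traits described above (a message that appears to come from someone senior, email spoofing, and manufactured urgency) can be checked mechanically at the mail gateway. The following is an added example, not part of the original page; the executive roster, the `corp.example` domains, the urgency word list and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: executive roster and urgency vocabulary.
EXECUTIVES = {"alice moreno": "alice.moreno@corp.example"}
URGENCY_TERMS = ("urgent", "immediately", "asap", "today", "confidential")


def domain_of(address):
    """Lower-cased part of an e-mail address after the last '@'."""
    return address.rpartition("@")[2].lower()


def whaling_signals(raw_message):
    """Return the whaling indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    auth = msg.get("Authentication-Results", "").lower()
    subject = msg.get("Subject", "").lower()
    signals = []
    # Display name of a senior person on an address that is not theirs.
    real = EXECUTIVES.get(" ".join(name.lower().split()))
    if real and addr.lower() != real:
        signals.append("exec-name-on-foreign-address")
    # Exact-address spoofing only shows up in the receiver's DMARC verdict.
    if "dmarc=fail" in auth:
        signals.append("dmarc-fail")
    # Replies diverted to a domain other than the visible sender's.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        signals.append("reply-to-domain-differs")
    if any(term in subject for term in URGENCY_TERMS):
        signals.append("urgent-subject")
    return signals


# Constructed sample messages (not real traffic).
LEGIT = ('From: "Alice Moreno" <alice.moreno@corp.example>\n'
         'Authentication-Results: mx.corp.example; dmarc=pass\n'
         'Subject: Q3 board deck\n\nDraft attached.\n')
LOOKALIKE = ('From: "Alice Moreno" <alice.moreno@c0rp.example>\n'
             'Reply-To: a.moreno@mail.example\n'
             'Authentication-Results: mx.corp.example; dmarc=pass\n'
             'Subject: Urgent: wire transfer needed today\n\nPlease handle.\n')
SPOOFED = ('From: "Alice Moreno" <alice.moreno@corp.example>\n'
           'Authentication-Results: mx.corp.example; dmarc=fail\n'
           'Subject: Payroll file\n\nSend the file.\n')
```

The lookalike message passes DMARC because the attacker controls that domain, which is why the display-name and Reply-To checks are needed alongside sender authentication.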