Whaling phishing is a method used by cybercriminals who aim to obtain sensitive information about a target, steal money, or access the target's computer systems for malicious purposes.
Whaling differs from phishing in that it targets high-profile, well-known, and wealthy individuals – CEOs, top-level executives, even celebrities, hence the name “whaling.” Fraudsters and cybercriminals can use the phished information to extort their victims or deceive them into providing even more confidential or personal data.
In other words, whaling represents a form of Business Email Compromise (BEC), a type of social engineering attack in which malicious players pretend to be the CEO of the company you work for, or another authority figure, and ask you to send money or give them access to sensitive information.
How Does a Whaling Phishing Attack Work?
The basic step in a whale phishing attack is research. Attackers will use every resource they have to find out more about the people they want to impersonate and their work environment. They will check social network profiles to gain insights that might later be used in an email to make it seem trustworthy.
The email address they would use would also seem authentic, and the