What is Whaling?
In a previous blog post, we explained the basics of Phishing. This post will go into detail on another type of Social Engineering called Whaling.
Whaling is a type of Phishing attack targeted at high-profile individuals, such as corporate executives, politicians or celebrities. In this case, the targeted phishing email takes a more serious, executive-level form. Its content is often written as a legal document, customer complaint, or executive issue.
Whaling emails are designed to mimic business-critical emails, and usually involve some kind of company-wide concern. Attackers may also forge legal documents.
How does Whaling put you at Risk?
As the email appears to be a business or legal concern, it is very difficult to ignore. This adds a sense of urgency, meaning that the victim is less likely to notice the signs of phishing.
In addition, the emails often have forged documents attached to them. The email may claim that the user needs to download software to view the document, and this software will be a form of malware. Similarly, the email may lead to a log-in portal, where the victim’s data can be stolen.
Senior executives within an organisation are also a target as they may have received less Security Awareness training than the general employees within the business.
How can you Protect Yourself from Whaling?
- Check the sender of the email.
- Hover over any links in the email to see where they will go.
- Check for any spelling or formatting mistakes.
- Search Anti-Phishing sites to see if the sender/content of the email has been marked as a scam.
- Follow up on suspicious emails with the company they claim to be from.
Pentest People have a full Phishing Platform that can be used as part of a Social Engineering engagement. Be sure to get in touch with us if this is something of interest.