Whaling is a kind of spear phishing attack that specifically targets senior executives (the “big fish”) in an organization.
Spear phishing is a targeted phishing attack aimed at a specific individual or organization, not necessarily an executive. Whaling is the subset of spear phishing aimed at the most senior decision-makers, such as the CEO or CFO.
Whaling attacks are designed to trick the target into taking an action, such as approving a wire transfer or clicking a malicious link. Criminals often gather personal and professional details about the target beforehand to personalize the email and raise its odds of success. As a result, whaling emails can be very convincing and difficult for both people and email defenses to catch.
Whaling and CEO fraud are not the same, even though the terms are sometimes used interchangeably. Whaling attacks target high-ranking executives; they don’t necessarily impersonate them. CEO fraud (or CxO fraud) is a type of spear phishing attack in which the attacker impersonates a CxO or other senior leader.
Whaling attacks can be easy to pull off. Attackers don’t need much capital, special equipment or a particularly advanced skill set. They mostly need to invest time in researching a target, which is easy given the proliferation of public profiles on platforms like LinkedIn.
CxOs are incredibly busy and under a tremendous amount of pressure. They have access to significant amounts of sensitive information, and their attention is divided across many parts of the business. Working at a fast pace, on the go or outside working hours can lead CxOs to make critical mistakes on email and be duped into treating a whaling email as legitimate.
What’s more, CxOs may be less likely to attend security awareness training because of their schedules. More and more companies are investing in training, but busy executives can end up prioritizing the education of their staff over their own, which leaves the business exposed. After all, a single misstep by one employee can have serious consequences for an organization, and CxOs have a target on their backs because of the sensitive company information they hold.
The motivation behind whaling attacks is commonly financial. But going after an organization’s finances can have wide-reaching consequences, also affecting intangible factors like company morale and brand reputation. Here are some of the main consequences of whaling attacks:
Most organizations rely on Secure Email Gateways (SEGs) to keep inboxes safe. To identify and prevent inbound email threats, like whaling, SEGs commonly rely on the following—
While SEGs can block malware and bulk phishing, rule-based detection struggles with advanced impersonation and in particular with external impersonation, which is common in whaling attacks. External impersonation means posing as someone who belongs to a different organization than the target, such as a supplier or vendor, so there is no internal directory of names and addresses for a simple rule to compare the sender against.
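The kind of external-impersonation signal that a plain allow/deny rule misses can be illustrated with a few header-level heuristics. The following is an added example written for this page, not Tessian's code and not a description of how Tessian Defender works; the trusted-vendor list, the sample messages and the threshold values are constructed for illustration. It flags a sender domain that imitates a known vendor (hyphen and homoglyph tricks such as "rn" for "m"), a display name that borrows a vendor's name while the address lives elsewhere, a Reply-To that diverts replies to a different mailbox, and payment-urgency wording, and it returns the findings so they can be checked rather than only printed.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: external organizations the target routinely
# deals with. A real deployment would learn this set from historical mail.
TRUSTED_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-legal.example"}

# Wording that commonly accompanies payment-diversion requests.
PAYMENT_URGENCY = re.compile(
    r"\b(wire transfer|bank details|urgent|immediately|confidential)\b", re.I)

# Substitutions used when registering lookalike domains (rn for m, 0 for o, ...).
_SWAPS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def registrable_name(domain: str) -> str:
    """Label left of the TLD: 'mail.acme-supplies.example' -> 'acme-supplies'."""
    labels = domain.lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def skeleton(domain: str) -> str:
    """Collapse hyphens and homoglyph swaps so lookalikes compare equal."""
    name = registrable_name(domain).replace("-", "")
    for bad, good in _SWAPS:
        name = name.replace(bad, good)
    return name


def lookalike_of(domain: str, trusted=TRUSTED_VENDOR_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None when it is
    either genuinely trusted or unlike anything on the list."""
    domain = domain.lower()
    if domain in trusted:
        return None
    for good in trusted:
        if skeleton(domain) == skeleton(good):
            return good
        if SequenceMatcher(None, registrable_name(domain),
                           registrable_name(good)).ratio() >= 0.85:
            return good
    return None


def analyze(raw_message: str) -> list:
    """Run the external-impersonation heuristics over one RFC 822 message."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    findings = []

    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} resembles trusted vendor {imitated}")

    # Display name borrows a vendor's name while the address lives elsewhere.
    for good in TRUSTED_VENDOR_DOMAINS:
        vendor_word = registrable_name(good).split("-")[0]
        if vendor_word in display.lower() and from_domain != good:
            findings.append(f"display name '{display}' invokes {good} but address is @{from_domain}")

    # Replies quietly diverted to a mailbox the visible sender does not own.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_to.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To goes to @{reply_domain}, not @{from_domain}")

    text = msg.get("Subject", "") + " " + (msg.get_payload() if not msg.is_multipart() else "")
    hits = sorted({h.lower() for h in PAYMENT_URGENCY.findall(text)})
    if hits:
        findings.append("payment/urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail).
LEGIT_MAIL = """\
From: "Dana Price" <dana.price@acme-supplies.example>
To: cfo@target.example
Subject: Invoice 4471 for March

Hi, attached is this month's invoice. Regards, Dana
"""

IMPOSTER_MAIL = """\
From: "Dana Price" <dana.price@acrne-supplies.example>
Reply-To: <dana.price.acme@mailbox.example>
To: cfo@target.example
Subject: Urgent: updated bank details before wire transfer

Please action immediately. Our bank details have changed; see below.
"""

DISPLAY_NAME_MAIL = """\
From: "Acme Supplies Accounts" <ap.acme.supplies@mailbox.example>
To: cfo@target.example
Subject: Remittance confirmation

Please confirm receipt of the attached statement.
"""

if __name__ == "__main__":
    for label, mail in [("legit", LEGIT_MAIL), ("imposter", IMPOSTER_MAIL),
                        ("display-name", DISPLAY_NAME_MAIL)]:
        print(label, "->", analyze(mail) or ["no findings"])
```

Note what each check depends on: the lookalike and display-name checks need a list of who the organization actually does business with, which is exactly the context a generic, organization-agnostic rule set does not have. The Reply-To and wording checks need no such context but are weak on their own, since legitimate mail also sets Reply-To and talks about invoices; in practice these signals are combined and scored rather than blocked individually.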
Tessian Defender detects all possible impersonation types, including the manipulation of internal and external contacts. Tessian Defender stops advanced threats that legacy systems miss.
Tessian Defender’s stateful machine learning analyzes historical email data to learn the difference between the safe and unsafe emails an organization receives. By weighing multiple data points across email headers, body text and attachments, it can detect and prevent threats in real time with minimal end-user disruption.