What is a Whaling Attack?

Cyber criminals have become a lot more crafty over the past few years. By using different tactics, crooks have been rather successful in defrauding victims one way or another. Whaling attacks are quickly becoming very popular, even though they are not necessarily easy to pull off.  While phishing attacks are rather common, the whaling attack takes things one step further.

The Whaling Attack Can Result In A Big Payday

Security experts will be all too familiar with the concept of a whaling attack. Although “whales” are nothing new in the financial world, a whaler is not someone anyone wants to encounter these days. Whaling is an advanced version of a phishing attack with the sole purpose of targeting high-profile victims for financial gain. It shares some similarities with the compromised business email attack, although the stakes are a lot higher for whalers.

To be more specific, the whaling attack starts out like a regular phishing attack. Criminals aim to trick a victim into disclosing personal or corporate information through a process known as social engineering. In some cases, criminals will also use content spoofing to create a false “connection” between themselves and the victim. As long as the initial contact seems legitimate enough, there is no reason to think anything is wrong.

In most cases, a whaling attack starts with the criminal sending an email to its intended target. Due to the high stakes associated with this method of attack, the target will often be a C-level corporate executive, a celebrity, or even a politician. The vast majority of whaling emails are highly customized, personalized, and look extremely professional. The messages even include the target’s full name, job title, or any other relevant information to make the email look genuine.

Although one could argue a whaling attack is nothing more than a “fancier” phishing attack, things are not as simple. Detecting a whaling attack is far more difficult than defending against a phishing attack. Moreover, since most wailing attacks seemingly originate from a trusted source – including banks and business partners – it is virtually impossible to distinguish these attacks from legitimate communications.

Moreover, unlike a widespread phishing attack, the whaling attack focuses on one specific target. Social engineering, combined with a seemingly legitimate business email can go a long way in this regard. Moreover, assailants spend a lot more a time and effort perfecting their methods, increasing their chance of success.

The reason why this technique is referred to as a “whaling attack” is due to the criminals’ hope to trick big fish into committing fraud. A top-level executive or a celebrity is a very prominent target in this regard, as they often possess plenty of financial means. In the end, all criminals want is to make as much money as possible, preferably from one “big” con. Whaling attacks lend themselves perfectly for this type of purpose, that much is certain.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.