Many different types of phishing attacks take place around the world. Among them, whale phishing has received a lot of attention. According to, thousands of people and companies become victims of whale phishing, which can lead to frustration and financial losses.
Define phishing scam
Phishing scams aim to trick targeted individuals and companies so that the scammer can make a financial gain. For example, the employees of a company may receive emails that appear to come from senior management and ask them to make a donation to a specific charity. If the employees don’t double check and go ahead with the donation, their money goes to the scammer who sent the phishing mail.
What is whale phishing?
Phishing and whale phishing are closely related. Whale phishing is a targeted attempt whose objective is to steal sensitive information that belongs to a company. Here, the hackers are interested in getting the personal information of employees or the financial information of the company. They do it for malicious reasons.
Usually, whale phishing attacks target the senior management of the company, who have access to all the information that scammers are looking for. In other words, CEOs, CFOs and other top-level executives become victims of phishing whaling attempts.
This type of phishing attack is known as whaling because of the nature of its targets. In other words, the people who engage in whaling phishing are continuously looking for whales against whom they can launch their campaigns. They pay careful attention when selecting the whales as well. That’s because they want to make sure that they get the best possible results out of their whale phishing efforts.
Are whale phishing attacks successful?
Yes, whale phishing attacks have a high rate of success. That’s mainly because the people who send out whale phishing emails take great care to make the fraudulent emails look like they originate from trusted sources. For this reason, the whales go ahead and open the emails without thinking twice. They realize that they have become victims of a whale phishing attack only after their sensitive information is stolen.
The websites and emails that are used for whale phishing are extremely personalized. This is another prominent reason behind their high rate of success. They include the names, basic details and job titles of the whales as well. Hence, the communications appear legitimate. It has also been identified that the attackers are spoofing email addresses and using real-looking corporate logos to make the attacks look like they are coming from trusted sources, such as banks, business partners and government agencies.
Whale phishing attacks are somewhat more difficult to identify than traditional phishing attacks. That’s mainly because the whale phishing emails are extremely personalized. Moreover, those emails are sent only to a few selected targets, or whales. If you take a look at the whale phishing examples, you will be able to figure out how they are being done.
Usually, the people behind whale phishing use social engineering to get more information about their targets. Once all the essential information is gathered, they go ahead with the attacks. Some of them use attachments or hyperlinks to infect the victims with malware. Others use the attachments or hyperlinks to gain access to their social information. Both of these methods can cause the targets a lot of hassle and frustration in the long run.
With whale phishing, the hackers have the opportunity to get their hands on extremely high gains. Hence, they don’t think twice before spending a great deal of time and effort on social engineering. It provides them with a lot of opportunities in the long run as well. The attackers also use social media accounts, such as LinkedIn, Twitter and Facebook, to get hold of the information that they need. Some of the useful details that can be extracted from these social media networks include names of coworkers, job details and company information. The more information they gather, the better they can steer the whale phishing attacks towards success.
Examples of phishing whaling attacks
It is possible to find many different instances to point out as examples of phishing whaling attacks. If you take a look at all these examples, you will notice that they are quite difficult to detect as scams. When you look at, you can easily figure out why that is.
Back in 2016, Snapchat became a victim of a whale phishing attack. As you already know, Snapchat is one of the most popular social media platforms. A high-ranking employee at Snapchat was sent an email impersonating the CEO of the company. This email asked him to expose all the employee payroll related information. Since the email looked legitimate, the executive decided to go ahead and share the information with the scammer without thinking twice. It was a big blow for all the employees who were working for Snapchat. This incident was later reported to the FBI as well. To minimize the negative consequences of the incident, all the affected employees were provided with identity theft insurance for a period of two years.
A similar incident took place at Seagate during 2016 as well. Here, the phishing whaling emails were sent to both current and previous employees of the company. This email was related to W-2 forms. More than 10,000 employees were affected by this. As a result, many employees lost thousands of dollars to the scam.
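The impersonation pattern in the Snapchat and Seagate incidents (a message carrying an executive's name and asking for payroll or W-2 data) can be screened for on inbound mail. The following is an added example, not part of the original article; the corporate domain, executive roster, keyword list and both sample messages are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Assumptions for this example: your own domain and executive roster go here.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
SENSITIVE_TERMS = ("payroll", "w-2")  # data requested in the incidents above


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def whaling_signals(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # Display name matches an executive, but the address is not corporate.
    normalized = " ".join(name.lower().split())
    if normalized in EXECUTIVES and domain_of(addr) != CORP_DOMAIN:
        signals.append("executive display name from external domain")
    # Replies would go to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        signals.append("reply-to domain differs from sender domain")
    # The message asks for the kind of data whaling campaigns go after.
    body = "" if msg.is_multipart() else str(msg.get_payload())
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [term for term in SENSITIVE_TERMS if term in text]
    if hits:
        signals.append("requests sensitive data: " + ", ".join(hits))
    return signals


# Constructed sample: lookalike domain (digit 1 in place of the letter l).
SPOOFED = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: jane.doe@mail-examp1e.net\n"
    "To: hr@example.com\n"
    "Subject: Urgent: payroll records\n"
    "\n"
    "Please send me the W-2 forms for all staff today.\n"
)
# Constructed sample: genuine internal mail from the same executive.
LEGIT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: hr@example.com\n"
    "Subject: Lunch\n"
    "\n"
    "See you at noon.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, whaling_signals(raw))
```

Signals like these are triage hints for a human reviewer or a quarantine rule; they complement, rather than replace, sender authentication checks at the mail gateway.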