N
% What Is 'Whaling?' GA
S
REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO Internet, Networking, & Security > Antivirus 63 63 people found this article helpful
visibility
143 views
thumb_up
7 likes
K
lifewire's editorial guidelines Updated on April 5, 2020 Tweet Share Email Tweet Share Email
In This Article
Expand Jump to a Section The Objective of Whaling Whaling Scams Overview Whaling vs. Phishing Scams How to Protect Yourself Real-life Whaling "Whaling" is a specific form of phishing that targets high-profile business executives, managers, and the like.
thumb_up
33 likes
C
It's different from ordinary phishing in that with whaling, the emails or web pages serving the scam take on a more severe or formal look and are usually targeting someone in particular. For perspective, regular non-whaling phishing is usually an attempt to get someone's login information to a social media site or bank.
thumb_up
4 likes
M
In those cases, the phishing email/site looks pretty standard, whereas, in whaling, the page design addresses the manager/executive under attack explicitly.
What Is the Objective of Whaling
The point is to swindle someone in upper management into divulging confidential company information.
thumb_up
38 likes
H
This usually comes in the form of a password to a sensitive account, which the attacker can then access to gain more data. The end-game in all phishing attacks like whaling is to scare the recipient, to convince them that they need to take action to proceed, like to avoid legal fees, to prevent from getting fired, to stop the company from bankruptcy, etc.
thumb_up
27 likes
C
What Does a Whaling Scam Look Like
Whaling, like any phishing con game, involves a web page or email that masquerades as one that's legitimate and urgent. Scammers design them to look like a critical business email or something from someone with authority, either externally or even internally, from the company itself. The whaling attempt might look like a link to a regular website with which you're familiar.
thumb_up
9 likes
N
It probably asks for your login information just like you'd expect. However, if you're not careful, what happens next is the problem. When you try to submit your information into the login fields, a notification appears stating that the information was incorrect and that you should try again.
thumb_up
44 likes
S
No harm was done, right? You just entered your password incorrectly — that's the scam, though!
thumb_up
34 likes
A
What happens behind the scenes is that when you enter your information into the fake site (which can't log you in because it isn't real), the information you entered is sent to the attacker, and then you're redirected to the real website. You try your password again, and it works out just fine.
thumb_up
2 likes
S
At this point, you have no idea that the page was fake and that someone just stole your password. However, the attacker now has your username and password to the website to which you thought you logged in. Instead of a link, the phishing scam might have you download a program to view a document or image.
thumb_up
35 likes
A
The program, whether real or not, has a malicious undertone to track everything you type or delete things from your computer.
How Whaling Is Different From Other Phishing Scams
In a regular phishing scam, the web page/email might be a faked warning from your bank or PayPal.
thumb_up
13 likes
E
The faked page might frighten the target with claims that their account has been charged or attacked, and that they must enter their ID and password to confirm the charge or to verify their identity. In the case of whaling, the masquerading web page/email will take a more serious executive-level form. The content will target an upper manager like the CEO or even just a supervisor that might have lots of pull in the company or who might have credentials to valuable accounts.
thumb_up
40 likes
A
The whaling email or website may come in the form of a false subpoena, a fake message from the FBI, or some sort of critical legal complaint.
How Do I Protect Myself From Whaling Attacks
The easiest way to protect yourself from falling for a whaling scam is to be aware of what you click.
thumb_up
28 likes
A
It's that simple. Since whaling occurs over emails and websites, you can avoid all malicious links by understanding what's real and what isn't.
thumb_up
19 likes
S
Now, it's not always possible to know what's fake. Sometimes, you get a new email from someone that you've never emailed before, and they might send you something that seems entirely legitimate. However, if you look at the URL in your web browser and make sure to look around the site, even briefly, for things that look a little off, you can significantly decrease your chances of being attacked in this way.
thumb_up
34 likes
I
Do Executives and Managers Really Fall for These Whaling Emails
Yes, unfortunately, managers often fall for whaling email scams. Take the 2008 FBI subpoena whaling scam as an example.
thumb_up
9 likes
A
Scammers attacked about 20,000 corporate CEOs, and approximately 2000 of them fell for the whaling scam by clicking the link in the email. They believed it would download a special browser add-on to view the entire subpoena. In truth, the linked software was a keylogger that secretly recorded the CEOs passwords and forwarded those passwords to the con men.
thumb_up
38 likes
E
As a result, each of the 2000 compromised companies was hacked even further now that the attackers had the information they needed. Was this page helpful?
thumb_up
36 likes
A
Thanks for letting us know! Get the Latest Tech News Delivered Every Day
Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire The 4 Best Slack Security Tips to Keep Your Team Chats Safe What Is a 401 Unauthorized Error and How Do You Fix It?
thumb_up
20 likes
S
How to Use Passkeys on iPhone, iPad, or Mac How to Remove Your Information From the Web Are iPads Really That Safe from Viruses and Malware? What Is a Windows SmartScreen Filter? DNS Servers: What Are They and Why Are They Used?
thumb_up
28 likes
L
What Is a Cyber Attack and How to Prevent One How to Test a Suspicious Link Without Clicking It Why We Fall for Texting Scams (and How to Stop) How to Manage AutoComplete in Internet Explorer 11 8 Tips on Basic Computer Safety Fake IRS Letters: How to Identify Them and Protect Yourself How to Remove That Microsoft Warning Alert How to Reset or Change Your Instagram Password 9 Best Ways to Hide Your Identity Online Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies
thumb_up
8 likes
Similar Discussions
-
St Mirren vs Celtic prediction preview team news and more Scottish Premiership 2022 23
-
Matt Hardy details downfall of WWE s famous storyline during The Invasion
-
Is Earth Spinning Faster? How Ancient Solar Eclipses Are Shedding New Light On Earth s Rotation
-
One Piece Chapter 1028 Spoilers Reddit Recap Release Date and Time The News Pocket
-
Heat s Max Strus Big role off bench CBSSports com
-
ummadum APK Download for Android
-
Lagu Barat Mix Santai MP3 APK Download for Android
-
Spider Car Stunt Mega Ramp Car APK Download for Android
-
Košík cz APK Download for Android
-
en croire le patron de Path les places de cin n ont pas fini d augmenter
-
Fusillade Bagnols sur C ze un jeune du quartier des Escanaux gri vement bless Gard Bagnolssurceze
-
El espejismo de los tipos de inter s puede ser el mayor error de todos Opini n Tipos İnter s
-
Pelsoi Hoyer plead for House Dems to pony up cash to counter GOP fundraising juggernaut
-
A la busca de alternativas a los altos precios del gas C mo ser m s barato calentar nuestra casa este invierno?
-
ltimas noticias breves del mundo hoy 21 de octubre
-
A New Bug Is Trapping Overwatch 2 Players In The Spawn Room
-
Coin Master Free Spins and Coins Links August 31 2022
-
Wordle 426 Today s Hints and Answer for August 19 2022
-
A24 Premieres Official Trailer for Bodies Bodies Bodies The Nerd Stash
-
What you need to know about the man identified as Jihadi John
-
What Sort of Background Do You Need To Be a Successful Entrepreneur?
-
The RTX 4090 selling for over twice its price on ebay Digital Trends
-
Return to Monkey Island How to find the skulls and secret Digital Trends
-
8 Things to Consider Before Buying a Computer Mouse
-
How to Fix Vizio TV Black Screen of Death
-
How to Get on the Instagram Explore Page
-
The 8 Best Music Production Software of 2022
-
A Brief History of Malware
-
How Audio File Formats Differ and What This Means for Listeners
-
A Look Back at the Social Networking App Called Path