What is whaling?
Whaling is a form of phishing attack aimed specifically at high-ranking executives or other influential individuals. These attacks are often carefully crafted to trick victims into revealing sensitive information or authorizing fraudulent transactions.
What can companies do to avoid whaling?
- Training and awareness: Regular training programs help executives and employees recognize signs of whaling attacks, such as suspicious emails and unusual requests. This increases awareness and reduces the likelihood of falling for such attacks.
- Strong authentication: Using two-factor authentication (2FA) or multi-factor authentication (MFA) makes it harder for attackers to access accounts, even if they manage to obtain usernames and passwords. This adds an extra layer of security against unauthorized access.
- Email filtering: Advanced email filtering systems can detect and block suspicious messages before they reach the inbox. This reduces the risk of employees receiving phishing emails that could lead to whaling attacks.
- Strict guidelines for financial transactions: Implementing procedures that require multiple approvals for large financial transactions can prevent individuals from being tricked into transferring large sums of money without proper verification.
- Regular security assessments: Conducting regular security assessments and penetration tests helps identify and address vulnerabilities that could be exploited in whaling attacks. This ensures that security measures are up-to-date and effective.
Sicra and whaling
Sicra recommends having good security routines in place and being extra cautious when it comes to requests for large sums of money.
We can help your company implement email filtering and strong authentication, and conduct security assessments. River Security, an important Sicra partner, can pentest potential attack surfaces in your company, which Sicra can help you secure.
Through our CISO-for-hire service, we can provide security consulting to make your company more resilient against whaling.
Related terms: Phishing, Targeted attacks, BEC, Social engineering, CEO fraud.