Defining Whaling

Hello. And welcome to Section 1.3 of the Attacks course, Whaling. I’m Lisa Gilbert, and I will be sharing a lot of helpful information so you can understand this type of attack and defend against it. In our discussion of whaling, I will first define whaling and why it is important to understand and prevent. Next, I will discuss what attackers are trying to accomplish. Then I will explain exactly who is at risk and explore the red flags and warning signs that an attack is taking place. We will also explore some of the tactics used by attackers, and I will share several real-life examples. Lastly, I’ll describe how you can protect yourself and your organization from whaling attacks.

Before we can discuss whaling, we need to understand what it is. Whaling, also known as CEO fraud, is the fraudulent use of a compromised email account of a CEO or other high-ranking executive. This is an even more targeted form of spear-phishing used against big fish or whales of an organization. Whaling adds another aspect of social engineering to the attack, because subordinates are reluctant to disobey important members of their organization. Let’s discuss why this is important, what bad actors are looking for, and how they carry out their attacks.

What are whaling attackers trying to accomplish? There are a few primary objectives when it comes to whaling attacks. First, the attackers are focused on gaining access to the information or accounts of a senior member of an organization. Once they have access to this information, the attack generally takes one of two forms. In many whaling attacks, the senior member’s information or credentials are used to craft an authorization for fraudulent wire transfers to a financial institution of the attacker’s choice. This attack method has resulted in losses in the billions of US dollars in the last few years. The other primary goal is to obtain W-2 or personal information for all employees. This information can then be used to file fake tax returns posing as employees. Or the employee information is simply sold on the dark web.

This happened to our teenage daughter, who worked at a part-time job a couple summers ago. Her identity was stolen and someone filed taxes in her name. This is still causing problems for her and for us every time we file our taxes.

So who is at risk for a whaling attack? Obviously, high-ranking figures within a corporation, or even celebrities or political figures, are targets of whaling attacks. But as we have seen, every employee at a company, down to teenagers working part time, can suffer the results of a whaling attack.

In this video, you will be introduced to whaling, also known as CEO fraud. We will discuss what whaling attackers are trying to accomplish and highlight who is at risk.

This article is from the free online

Cyber Security Foundations: Common Malware Attacks and Defense Strategies

Created by
FutureLearn - Learning For Life