
Recapping Email-based Attacks

A summary of the main characteristics of phishing, spear-phishing, and whaling, and the best practices for defending against these attacks.

Email-Based Attacks

  • Phishing: The fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in an email.
  • Spear-phishing: The act of sending emails to specific and well-researched targets while purporting to be a trusted sender.
  • Whaling: The fraudulent use of a compromised email account of a CEO or other high-ranking executive.

Differences and objectives

The key difference between these attacks lies in how specific the sender and receiver of the fraudulent email are. Phishing emails are sent to a large group of individuals, generally from an external organization, whereas spear-phishing takes a more personal and targeted approach regarding the receiver of the email. Whaling is even more specific: the identities of both the sender and the receiver are critically important, and the sender often claims to be from the same organization as the receiver.

The objective of phishing and spear-phishing is either to infect devices with malware or convince victims to hand over information or money. On the other hand, the objective of whaling is mainly to access information or accounts of a senior member of an organization to, for example, transfer funds or sell employee data. All employees of an organization are at risk of being targeted by phishing, spear-phishing, and whaling attacks, and high-ranking officials are especially at risk of being impersonated. To defend against email-based attacks, be very suspicious of unusual, demanding, and urgent requests and always do the following:

  • double-check email addresses
  • use multi-step verification
  • do not click on links and attachments in emails unless you are expecting them
  • do not reply to unknown email addresses
  • report any suspicious emails

Keep these best practices in mind in your daily routine to ensure your personal and organizational information and accounts remain secure.
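As an added illustration (not part of the original course material), the "double-check email addresses" step can be partly automated for the whaling case, where the sender claims to be from the receiver's own organization. The organization domain, executive name, finding labels and sample messages below are constructed assumptions. These checks catch impersonation from external or lookalike addresses, not mail sent from a genuinely compromised account, which is why multi-step verification remains on the list.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: the defender's own mail domain
EXECUTIVES = {"jane doe"}    # assumption: display names of senior staff

def domain_of(addr):
    """Return the lower-cased domain part of an email address."""
    return addr.rpartition("@")[2].lower()

def check_sender(raw_message):
    """Return a list of findings about the sender headers of one message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    dom = domain_of(addr)
    findings = []
    # Display name matches a senior person, but the address is not internal.
    if name.strip().lower() in EXECUTIVES and dom != ORG_DOMAIN:
        findings.append("executive-name-external-domain")
    # Domain is almost, but not exactly, the organization's domain.
    if dom != ORG_DOMAIN and SequenceMatcher(None, dom, ORG_DOMAIN).ratio() >= 0.85:
        findings.append("lookalike-domain")
    # Replies would be sent to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != dom:
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Reply-To: jane.doe.office@mailbox.test\n"
    "Subject: Urgent wire transfer needed today\n\n"
    "Please process this payment before noon.\n"
)
LEGIT = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Agenda for Monday\n\n"
    "See attached agenda.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_sender(raw))
```

A message with any finding is a candidate for the "report any suspicious emails" step rather than an automatic block, since the similarity threshold is a tunable assumption.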

This article is from the free online

Cyber Security Foundations: Common Malware Attacks and Defense Strategies

Created by
FutureLearn - Learning For Life
