Skip main navigation

Recapping Email-based Attacks

A summary of the main characteristic of phishing, spear-phishing and whaling and best practices to implement in defending against these attacks.

Email Based Attacks

Phishing | Spear-phishing | Whaling



The fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in an email.


The act of sending emails to specific and well-researched targets while purporting to be a trusted sender.


The fraudulent use of a compromised email account of a CEO or other high-ranking executive.

Differences and objectives

The key difference between these attacks is in the specificity of the sender and receiver of the fraudulent email. Phishing emails are sent to a large group of individuals, generally from an external organization, whereas spear-phishing takes a more personal and targeted approach regarding the receiver of the email. Whaling is even more specific as the identity of the sender and receiver are critically important, where often the sender claims to be from the same organization as the receiver.

The objective of phishing and spear-phishing is either to infect devices with malware or convince victims to hand over information or money. On the other hand, the objective of whaling is mainly to access information or accounts of a senior member of an organization to, for example, transfer funds or sell employee data. All employees of an organization are at risk of being targeted by phishing, spear-phishing, and whaling attacks, and high-ranking officials are especially at risk of being impersonated. To defend against email-based attacks, be very suspicious of unusual, demanding, and urgent requests and always do the following:

  • double-check email addresses
  • use multi-step verification
  • do not click on links and attachments in emails unless you are expecting them
  • do not reply to unknown email addresses
  • report any suspicious emails

Keep these best practices in mind in your daily routine to ensure your personal and organizational information and accounts remain secure.

This article is from the free online

Cyber Security Foundations: Common Malware Attacks and Defense Strategies

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education