You don’t need to be a hardened sea dog to know the bigger the fish, the harder to catch — but the bigger the payoff. Cybercriminals understand this concept, too. And as their phishing techniques become increasingly polished, they’re turning their harpoons on the leviathans of the business world: the C-suite.
When cybersecurity experts talk about whaling, they could mean one of two types of attack:
- A spear phishing attack directed against senior executives, with the goal of accessing customer data, bank account numbers, passwords, or any other valuable information. (As described in this recent Kaspersky article.)
- A spear phishing attack in which the attackers digitally impersonate a senior executive, in the hopes of tricking lower-level employees into making a wire transfer or revealing sensitive information. (As described by Mimecast here.)