Attacks & Threats
Whaling
Definition
A spear-phishing attack aimed at senior executives or other high-value targets, typically seeking large fraudulent payments or access to strategic information.
Examples
- An email, purporting to be from a law firm, that sends a CEO a "confidential subpoena" which installs malware.
- A fake board-chair message asking the CFO to authorize a same-day acquisition payment.
Related terms
Spear Phishing
A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
CEO Fraud
A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
Email Spoofing
Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.