Most people have heard of, or know, what a phishing scam is: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
But have you heard of a whaling scam? A whaling scam is a targeted attempt to steal sensitive information from a company, like personal details about employees or financial information, for malicious reasons. A whaling attack specifically targets senior managers who hold power in companies, such as the CEO, CFO, or other executives who have complete access to sensitive data.
Why is it called whaling? Because of the size of the targets relative to those of typical phishing attacks. The targets are carefully chosen because of their authority and access within the company. The goal of a whaling attack is to trick a high-ranking employee into disclosing personal or corporate data. This is usually done through email or website spoofing.
Here are some tips for avoiding this scam:
- Be wary of short, generic messages. Scammers won’t write a long email; they’ll try to pass off something short and generic as harmless, hoping you’ll click quickly without thinking.
- Think before clicking or downloading. A mouse click is all it takes to inadvertently grant access to your computer, accounts, and information.
- Be cautious about what you share. Confirm with an executive before sending out any requested sensitive or personal information.
- Watch out for emails to groups. Sending a malicious email “from the CEO” to a staff or employee email list is the fastest way for a scammer to attack and affect an entire business.