Hello folks,
Maybe some people don’t know what Whaling is. We’ve talked about it when we read a portion of Phishing from Wikipedia.
The article is titled What is Whaling Phishing & How Does it Work? and i found this phishlabs article quite interesting.
There is a heading titled “Phishing vs. Whaling – What’s the Difference?”
Let’s take from this section of the article as I think it explains it better than I could.
Simply put, whaling is a more targeted form of spear phishing that exploits the trust of recipients by pretending to be a known authority figure within a company.
For example, attackers will impersonate a C-level executive in an organization, and use that authority to pressure employees and colleagues to take a specific action. These actions can range from sending over financial statements, clicking on fraudulent links, or even wiring money to unknown accounts.
Many phishing attacks are done indiscriminately and are sent to thousands of different people at once. Email scams are a numbers game, so attackers will send emails in bulk knowing only a small percent will fall for the scam.
Whaling, however, takes the complete opposite approach, and focuses on researching particularly lucrative targets like enterprise organizations. Attacks are well-planned and often include using scraped or stolen information, such as names, email addresses, and phone numbers, from the company’s website to understand the hierarchy of the organization and to aid them in planning who they will impersonate. This way, the fake messages appear more legitimate.
The last paragraph of this section is the most important point to take out of this article. The difference also from a legitimate email is that they could get a similar domain than the original domain they’re targeting.
The sections of the article include:
- What Exactly is Phishing?
- Phishing vs. Whaling – What’s the Difference?
- Example of Whaling Phishing Emails
- Common Elements of Whaling Phishing Email
- How Can I Defend Against Whaling?
- The Agari Advantage
Email Phishing
Spear Phishing
SMiShing
Vishing
How Do I Report a Phishing Attack?
The last heading may not mean too much, but they do talk about who they are and what they can do.
I hope that the article is of interest to you, and you can learn so that you can keep yourself as safe as possible.
Securty is not easy, but we all need to learm it together and this can affect all kinds of businesses and non businesses alike. This is because it talks about Smishing which affects each and every one of us.
Thanks so much for reading, learning and participating with us.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.