Whaling

Security+ 🏆 • Social Engineering 👥 • Threats ⚠️ Difficulty: free

Definition

Whaling is a targeted form of spear phishing aimed at high-profile individuals, such as executives, directors, or senior leaders, who have valuable access or authority. The attacker crafts highly believable messages to pressure the target into approving payments, sharing sensitive data, or granting access.

Examples

  • An attacker impersonates the CEO and emails the finance director requesting an urgent wire transfer for a confidential acquisition.
  • A fake legal notice is sent to a senior executive, pressuring them to open an attachment or sign in to review “court documents.”

Discover 🔎

Whaling targets the people who can say “yes” quickly. Executives and senior leaders often have broad access, authority to approve payments, and influence over staff. They are also highly visible, which makes it easier for attackers to research their role, relationships, and communication style. That combination makes them attractive targets.

Remember: Whaling is spear phishing aimed at the biggest targets. The goal is often authority abuse, not just clicking a link.