Received an email from your company CEO? Beware, this could be a ‘whaling attack’
‘Whaling’ is a sophisticated form of cybercrime through which cybercriminals target high-profile or senior executives of a company, by posing as its CEO.
A ‘whaling attack’ is a sophisticated form of cybercrime in which cybercriminals target high-profile or senior executives of a company, with an aim to deceive them into revealing sensitive company information or to make them transfer money.

How is whaling different from other methods of cybercrime?
Whaling differs from phishing scams in that the latter targets non-specific individuals. ‘Spear-phishing,’ on the other hand, is similar to a whaling attack in that both target particular individuals.
Whaling, however, goes a step further, with criminals impersonating the company CEO or senior manager so that the victim has no option but to reveal the information the ‘CEO’ wants them to.
Any alternative name for whaling?
For the aforementioned reason, it is also sometimes referred to as a ‘CEO fraud.’ It is called ‘whaling’ because those targeted are ‘big phish (fish)' or ‘whales,’ as are those under whose names the emails are being sent (without their knowledge, of course) to the victims.
What methods are deployed for whaling?
Email spoofing (crafting convincing emails so that these appear to have been sent by the real CEO); social engineering (to gather information about the target so as to personalise the message); and impersonation.
How to prevent a whaling attack?
This can be done by educating employees about such an attack and training them to recognise suspicious requests. Other methods include a multi-factor authentication (MFA) for extra level of protection for sensitive accounts; email authentication protocols, regular security audits, and an incident response plan.
ABOUT THE AUTHORHT News DeskFollow the latest breaking news, major developments and agenda-setting stories from India and around the world with the newsdesk at Hindustan Times. Operating round the clock, the desk brings together experienced editors, reporters and correspondents to deliver fast, accurate and contextual reporting across subjects that influence public policy, governance, business, society and international affairs. The HT News Desk covers politics, elections, government policies, the economy, business and markets, science and technology, the environment, law and order, infrastructure, education, climate issues and geopolitics, while closely tracking developments across states, institutions and global capitals. The team also leads coverage of major breaking news events, policy announcements, court proceedings, natural disasters, public emergencies and significant international developments. Reports published by the newsdesk are based on information gathered from reporters on the ground, official statements, government agencies, court records, regulatory filings, recognised institutions and other authoritative sources. Stories undergo editorial scrutiny and verification processes to ensure accuracy, fairness and relevance, and are updated as events evolve and additional information becomes available. Whether covering a key political decision in New Delhi, an economic policy shift affecting millions, a landmark court ruling or a major global event, the HT News Desk aims to provide readers with reliable, fact-based journalism that delivers not only the latest developments but also the context and analysis needed to understand their wider implications.Read More

E-Paper


