Scammers Use Whaling Attack Emails to Pose as Upper Management

June 25, 2016

The average business owner may already be aware of what are called phishing attacks – scams that attempt to deceive and trick users into handing over sensitive credentials. However, not all phishing attacks are of the same severity, and some are only interested in hauling in the big catch. These types of attacks are called “whaling,” and are often executed in the business environment under the guise of executive authority.

Whaling attacks are designed to mimic the behaviors of CEOs or other members of upper management. The impersonated sender could be a manager, a COO, or even a CIO. Whaling attacks are often successful because they appear to come from a legitimate source; nobody expects their boss to get hacked, and naturally an employee will want to do as the boss says. The attack plays on the office worker's wish to avoid conflict with upper management and the fear of getting in trouble for insubordination. In addition to looking like an official business email, some whaling schemes may even resemble documents from the FBI or other government institutions.

Once this fear has been instilled in the average office worker, it’s only a matter of time before one of two things happens: 1) The hacker gets what they want, be it sensitive credentials, a fraudulent wire transfer, or otherwise, or 2) The office worker realizes that they’ve been duped, and deletes the email. Unless the worker knows what to look for in a phishing message, however, the more likely scenario is the former.

In the face of any type of phishing attack, be it a spear-phishing attack or a targeted whaling attack, it’s important to think before you react to a message like this. Take a moment to consider how much sense it makes to follow the instructions in the email that you’ve received. By simply taking a deep breath and calmly analyzing the email, you could be saving yourself a lot of pain and frustration.

As is the case with any phishing attack, look for irregularities in both the message itself, and the address that the message came from. Does it come from a legitimate sender? If so, what’s the email address? Look it over carefully and try to spot anything that’s out of place. Are there any numbers or letters that are trying to mask the true email address? Is there anything suspicious about the contents of the email? Look for curiously repetitive or urgent requests. Hackers like to use time-sensitive language to rush users into making a decision.
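The checks described above (a masked sender address, a mismatched reply address, time-sensitive wording) can be partly automated as a first-pass filter. The following Python is an added example, not part of the original article; the organization domain, executive name list, keyword list and both sample messages are assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Assumed values for illustration; replace with your own organization's data.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}  # display names of upper management (hypothetical)
URGENT = re.compile(r"\b(urgent|immediately|right away|asap)\b", re.I)
# Digits commonly swapped in for letters to mask the true address.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _domain(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def whaling_signals(raw_message):
    """Return a list of reasons a message deserves a second look."""
    msg = email.message_from_string(raw_message)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    signals = []
    if from_dom != ORG_DOMAIN:
        if name in EXECUTIVES:
            signals.append("executive name on an outside address")
        # Undo digit swaps and the 'rn'-for-'m' trick, then compare.
        unmasked = from_dom.translate(LOOKALIKES).replace("rn", "m")
        if unmasked == ORG_DOMAIN:
            signals.append("sender domain imitates " + ORG_DOMAIN)
    if reply_dom and reply_dom != from_dom:
        signals.append("replies go to a different domain")
    body = msg.get_payload() if not msg.is_multipart() else ""
    if URGENT.search(msg.get("Subject", "") + " " + str(body)):
        signals.append("time-sensitive language")
    return signals


# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Reply-To: jane.doe@example.net\n"
    "Subject: Urgent wire transfer\n\n"
    "I need this paid immediately.\n"
)
GENUINE = (
    "From: Jane Doe <jane.doe@example.com>\nSubject: Planning notes\n\n"
    "Agenda attached for next week's meeting.\n"
)
```

An empty result does not prove a message is genuine; a compromised real mailbox passes every address check here, so unusual requests still need confirmation through a separate channel.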

In dangerous situations like this, wouldn’t it be great if whaling attacks and other phishing schemes stayed out of your inbox in the first place? A spam blocking solution eliminates dangerous or fraudulent messages from your inbox entirely, so your business will have little to fear from them. We offer powerful enterprise-level spam blocking solutions that are designed to keep your business free of malicious or wasteful messages. To learn more, give us a call at (610) 828-5500.

Contact CTN


610 Sentry Parkway

Suite 110

Blue Bell, Pennsylvania 19422
