#6. A Whale of an Attack
Another variation of phishing attacks is a whaling attack. Here the social engineer targets executives and high-profile targets. Information about executives and high-profile targets is easily accessible on the Internet. For example, a company may have bios of its executive officers on a corporate website. This information may be used by a social engineer to create a targeted spear phishing attack to the corporate officer.
For example, if the bio tells how a chief financial officer graduated from Duke University in 1979 and enjoys playing golf (yes, some executives actually put their hobbies in their bios), a social engineer may send an email to that corporate officer as if from the university alumni chapter asking him to come to a special alumni golf tournament for graduates. The executive will be likely to believe that it is authentic. The email may go on to ask the person to access a website to enter credit card information to reserve a spot in the tournament.
Because of the vast amount of information about corporate officers and other high-profile targets, whaling is becoming increasingly popular because this information makes it so easy for social engineers to target them in a convincing manner.