
#6. A Whale of an Attack

Another variation of phishing is the whaling attack, in which the social engineer goes after executives and other high-profile targets. Information about these people is easily accessible on the Internet. For example, a company may have bios of its executive officers on its corporate website. A social engineer may use this information to create a spear phishing attack targeted at a corporate officer.

For example, if the bio says that a chief financial officer graduated from Duke University in 1979 and enjoys playing golf (yes, some executives actually put their hobbies in their bios), a social engineer may send an email to that corporate officer as if from the university alumni chapter, asking him to come to a special alumni golf tournament for graduates. The executive is likely to believe that it is authentic. The email may go on to ask the person to access a website and enter credit card information to reserve a spot in the tournament.

Because of the vast amount of information available about corporate officers and other high-profile targets, social engineers can easily target them in a convincing manner, and whaling is becoming increasingly popular.
