Why You Should be Worried About Whaling

Published on 14 March 2022

Whaling is a more advanced form of phishing: a carefully planned, targeted email attack aimed at senior executives. The attacker impersonates a CEO or senior member of staff by email in order to get another employee to carry out an action, such as making a payment. Cybercriminals do this by combining social engineering with convincing business language to persuade the recipient to hand over sensitive information or to transfer money to the attacker.

The results of this can be detrimental to your business. As well as financial and data loss, it could damage your company’s reputation.

In both phishing and whaling, cybercriminals will use emails to target their victims. However, whaling has a much higher ‘pay-off’ for cybercriminals, meaning they will spend more time making the emails look authentic.


How to protect yourself and your business from a whaling attack:

Staff education
One of the key reasons phishing, spear-phishing, and whaling are popular with cybercriminals is that they rely on human error. Rather than finding a hole in your cybersecurity software (which can be difficult and time-consuming), cybercriminals can simply wait for one member of staff to make a small mistake.

Educating your staff and running training exercises is a great way to keep your staff vigilant. It is a good idea to encourage your staff to maintain a healthy level of suspicion when they are looking at and engaging with emails.

Multistep verification

Consider a multistep verification process for transferring large amounts of data or funds. This could mean requiring a phone call or face-to-face confirmation before the transfer goes ahead, or requiring more than one person to approve it. The latter option also gives staff someone to bounce suspicions off and removes sole responsibility from any one person.

Anti-phishing tools

You can deploy specialist anti-phishing software. This screens the URLs and links in incoming email before the message reaches your inbox. Bluebell IT Solutions can assist you in finding and implementing the right anti-phishing software for your business.

Social media education

Ensure that you and any other senior members of staff are aware of what you post publicly on social media. Cybercriminals will use any publicly available material to convince the victim that the email is genuine. For example, if a director has posted about the company's recent Christmas party, a cybercriminal could mention it in the email to allay suspicion.


It can be tricky to spot a phishing email, and whaling emails are even harder to spot. The key is to keep your staff educated. By requiring multistep verification, you can prevent large amounts of data or funds from being transferred in error. Anti-phishing software adds another layer of protection to all your staff's email. If you are interested in learning more about whaling and how to put these defences in place, book a meeting with us or call us on 01908 044202.

