Whaling: phishing for executives and celebrities

A fraudster's term of art, "whaling" refers to phishing attempts targeted at "C-level corporate executives, politicians and celebrities" -- it's a play on "phishing" (attacks that trick users into downloading dangerous files or visiting attack sites by impersonating known sources) and "whales" (a term of art from casinos, referring to high-stakes gamblers).

As with any phishing endeavor, the goal of whaling is to trick someone into disclosing personal or corporate information through social engineering, email spoofing and content spoofing efforts. The attacker may send his target an email that appears as if it's from a trusted source or lure the target to a website that has been created especially for the attack. Whaling emails and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources.

whaling
[Margaret Rouse/Search Security]


(via Beyond the Beyond)