What is a Whaling Attack?

Robert M. Ryerson

In his work as a Certified Financial Fiduciary and financial strategist, Robert M. Ryerson looks at the security of people's financial information. Professionals like Robert M. Ryerson must be familiar with current identity theft techniques, such as phishing, spear phishing, and whaling.

In a whaling attack, a malicious actor targets a member of a company's senior management team or another individual with access to large amounts of sensitive data. By targeting CEOs, CFOs, payroll departments, or regional leadership, malefactors can steal large amounts of personal information or company secrets more quickly than by approaching rank-and-file employees.

Whaling attacks use tactics similar to those of other forms of phishing. Whalers send their targets communications that appear to be from trusted sources and use as many details as possible to increase their credibility. They may make sites that look like official bank pages or spoof a government email address. Some whaling attacks, however, use only social engineering methods to gain access to data. Security professionals should remain in contact with upper management regarding enterprise-specific ways to defend against whaling.