![\"\"\/](\"https:\/\/i1.createsend1.com\/ei\/y\/97\/E96\/913\/104808\/csfinal\/shutterstock_1992436196-990451000003cf3c.jpg\")
<\/figure>\n\n\n\nWhat does a Whaling attack look like?<\/h2>\n\n\n\n
In the world of scam emails, Whaling emails often have the highest “production value.” Seeing as they are directed at top-level employees, the scammers need to be more detail-oriented in their approach. Compared to more general phishing emails, whaling attacks tend to do the following:<\/p>\n\n\n\n
- \n
- Use correct grammar usage throughout<\/li>\n\n\n\n
- Make less urgent, and more reasonable requests<\/li>\n\n\n\n
- Seem genuinely familiar with you\/your organization<\/li>\n<\/ul>\n\n\n\n
Some examples of Whaling emails:<\/h2>\n\n\n\n
Here we have a few examples provided by Eastern Kentucky University.<\/a> Notice how in these emails the requests are not as forceful as others we\u2019ve seen. If responded to, these emails will lead to the scammer requesting sensitive information or sending malicious software as an attachment.<\/p>\n\n\n\n
![\"\"\/](\"https:\/\/i2.createsend1.com\/ei\/y\/97\/E96\/913\/104808\/csfinal\/image2-990000079e04513c.png\")
<\/figure>\n\n\n\n
\n\n\n\n![\"\"\/](\"https:\/\/i3.createsend1.com\/ei\/y\/97\/E96\/913\/104808\/csfinal\/image1-38ccdf36d441652a.png\")
<\/figure>\n\n\n\n
\n\n\n\n![\"\"\/](\"https:\/\/i4.createsend1.com\/ei\/y\/97\/E96\/913\/104808\/csfinal\/image3-9901450a2805143c.png\")
<\/figure>\n\n\n\nSource of photos: Eastern Kentucky University<\/a><\/em><\/p>\n\n\n\n
In each of these examples, a closer look at the email addresses shows that the messages are fraudulent. Scammers can easily \u201cspoof\u201d the name, setting it as \u201cMichael T. Benson,\u201d but looking at the email address we can see it\u2019s coming from an odd email address. This is why it\u2019s always a good idea to double check the sender\u2019s email address.<\/strong><\/p>\n\n\n\n
Keep in mind that email applications do not always display the sender\u2019s email address. If that is the case you will have to manually reveal it. How to do this will depend on the email client you use, but in most cases clicking the sender\u2019s name will prompt it to show the actual address.<\/p>\n\n\n\n
What can you do to protect yourself?<\/h2>\n\n\n\n
Like all the scams we\u2019ve discussed, whaling can cause serious damage to an organization. In addition to the safety recommendations we\u2019ve discussed for other types of phishing, here are some tips that apply especially to whaling attacks:<\/p>\n\n\n\n
- \n
- Be mindful about social media posts.<\/strong> Since whaling requires personal details, scammers often turn to social media for research. For example, in their article on whaling<\/a>, Cornell University suggests waiting until you get home to post about traveling for work or vacation. Details about where you are and on which dates can be used to impersonate you more believably to coworkers.<\/li>\n\n\n\n
- Establish strict verification procedures.<\/strong> In this 2024 article from CyberTalk.org,<\/a> they suggest taking time to create a plan to verify high value requests. For example, deciding in advance that high value fund transfer must be requested through two separate, trusted communication channels (e.g., a designated email and phone number).<\/li>\n<\/ul>\n\n\n\n
If you are interested in learning more about how to to strengthen your cybersecurity processes, please call 818-832-2310 or email support@islandtechnologies.net<\/a><\/p>\n\n\n\n
That’s all\u2026for now!<\/h2>\n\n\n\n
We hope you\u2019ve found this information useful. We look forward to our next email where we will discuss \u201cSmishing\u201d and \u201cVishing\u201d\u2014phishing attacks that take place over text, call, and social media. Until then, stay safe!<\/p>\n","protected":false},"excerpt":{"rendered":"
What is “Whaling”? Whaling is a highly targeted type of phishing. Instead of going for \u201csmall fish,\u201d whaling attempts to scam individuals holding top positions at an organization. Scammers use elaborate social engineering tactics to pass off their communications as legitimate. In this email we\u2019ll talk more about whaling, how to spot it, and how to protect … Continued<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-8003","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/posts\/8003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/comments?post=8003"}],"version-history":[{"count":2,"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/posts\/8003\/revisions"}],"predecessor-version":[{"id":8005,"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/posts\/8003\/revisions\/8005"}],"wp:attachment":[{"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/media?parent=8003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/categories?post=8003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.islandtechnologies.net\/blog\/wp-json\/wp\/v2\/tags?post=8003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Establish strict verification procedures.<\/strong> In this 2024 article from CyberTalk.org,<\/a> they suggest taking time to create a plan to verify high value requests. For example, deciding in advance that high value fund transfer must be requested through two separate, trusted communication channels (e.g., a designated email and phone number).<\/li>\n<\/ul>\n\n\n\n
- Be mindful about social media posts.<\/strong> Since whaling requires personal details, scammers often turn to social media for research. For example, in their article on whaling<\/a>, Cornell University suggests waiting until you get home to post about traveling for work or vacation. Details about where you are and on which dates can be used to impersonate you more believably to coworkers.<\/li>\n\n\n\n