Dear reader, if you’re interested in finding out more about some of the most common cyberattacks related to email security (phishing, spear phishing, business email compromise and whaling), please take a seat, get a delicious cup of coffee or tea and read carefully, because this extended guide covers several aspects of the matter:

1. Phishing, spear phishing, business email compromise, whaling – a definition

2. What is whaling and how does it work

3. Whaling tactics

4. Whaling consequences

5. Whaling attack examples

6. Whaling prevention strategies

1. Phishing, spear phishing, business email compromise, whaling – a definition

As we mention in our Cybersecurity Glossary, phishing refers to “a malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.”

Spear phishing is a subset of phishing “that aims to extract sensitive data from a victim using a very specific and personalized message. This message is usually sent to individuals or companies, and it’s extremely effective because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear-phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity […] to manipulate the victim, so the target doesn’t have time to double-check the information.”

Whaling is another form of phishing “whose objective is to collect sensitive data about a target. What’s different from phishing is that whaling goes after high-profile, famous and wealthy targets, such as celebrities, CEO’s, top-level management and other powerful or rich individuals. By using the phished information, fraudsters and cybercriminals can trick victims into revealing even more confidential or personal data or they can be extorted and suffer from financial fraud.” 

In other words, whaling is a form of business email compromise (BEC), a type of social engineering attack in which malicious players pretend to be the CEO of the company you work for, or another authority figure, and ask you to send money or give them access to sensitive information.

2. What is whaling – and how does it work 



The basic step in a whaling attack is research – attackers will use every resource they have to find out more about the people they want to impersonate and their work environment. They will check social network profiles to gain insights that can later be used in an email to make it seem trustworthy.

The email address they use will also seem authentic, and the message might include corporate logos and links to a fraudulent website that has been created to look legitimate. The emails sound urgent, usually asking people to reply with certain information, open an attachment, pay an invoice or enter personal information on a fake website.

The information the attackers get might be used to enter the company’s network, steal data or install software on your devices that allows them to maintain access to your network and monitor communications.

3. What is whaling – tactics

a. Whaling emails from “colleagues”

This is the most basic whaling tactic – the malicious actors try to trick company employees by using a compromised email address or a spoofed one to convince them that a colleague has a legitimate request for them. The tactic proves particularly efficient when it involves an email from a senior executive sent to a junior member of the team. 

b. Social media whaling

Online social networking is already used for developing business contacts or recruiting employees and, for a few years now, it has also been one of the hackers’ playgrounds. Social networks are a true goldmine of information for social engineering, but also a place where people tend to be less vigilant.

c. Whaling emails + confirmation phone call 

This is a particularly dangerous whaling tactic, because it borrows elements from other types of cyberattacks – supply chain and vishing. Hackers can use accessible information from your partners or suppliers to construct incredibly credible emails. Afterwards, hackers will give their targets a phone call to confirm the request. This would make the possible victim forget that this might be a fake email since they also had a “real world” interaction with the sender of the message. 

4. What is whaling – consequences

Financial loss

This one is obvious – if employees take the bait, they might send significant amounts of money to cybercriminals, but you should probably also add to that the fines for data breaches and the potential loss of customers.

Data loss

Since cybercriminals are also trying to obtain data from a whaling attack, sending sensitive information to them amounts to a data breach – which means huge fines, due to GDPR regulations.


Dealing with the consequences of such an attack is not easy: the company will have to shift its focus from making progress to notifying customers and other relevant people about the data breach, taking security measures to make sure it won’t happen again and trying to recover any lost funds.

Brand damage

Obviously, no company would enjoy the same level of trust from customers and partners if an employee fell for impersonation fraud, especially if the result was a data breach. All sorts of future opportunities could be lost because of whaling. 

5. What is whaling – attack examples 

The Snapchat case 

A few years ago, the Snapchat HR staff received an email from “chief executive Evan Spiegel”, who appeared to “request” payroll information about some current and former employees. As you might expect, someone replied and sent the requested information.

A few hours after the incident, they confirmed that the attack was an isolated one and reported it to the FBI. After identifying the affected employees, they offered them two years of free identity-theft insurance and monitoring.

The Seagate case 

In March 2016, Seagate also dealt with a leak of former and current employees’ records – about 10,000. This huge number led to a malpractice lawsuit. Other accusations include lack of surveillance and poor handling of sensitive data.

The scenario was identical to the Snapchat case. The information that got into the wrong hands included “Social Security numbers, tax paid, salary information, and other data that put the legitimate owners at risk of identity fraud.”

6. What is whaling – prevention strategies 

As you can probably understand by now, the implications of a whaling attack are very serious. Since no one wants to interrupt their daily tasks and growth to deal with the consequences of whaling, here’s what you can do to avoid an attack in the first place and keep your company safe:

Educate employees on the dangers of cyberattacks

Every employee should know what all the attacks mentioned in this guide mean: social engineering, phishing, spear phishing, whaling, business email compromise / CEO fraud. They should be able to recognize their signs or at least have a preventive and suspicious mindset when it comes to online communication.

Advise employees to pay attention to how they use social media

As we have seen, social media is a goldmine of information for cybercriminals. It would be best to keep all your profiles private, enable multi-factor authentication and verify every friend request that you receive. You can find more indications here

Flag external emails 

Spotting potential whaling messages might be easier if you flag all the emails sent from outside of the company’s network. This is correlated to the next suggestion – establishing a verification process. 
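One way to implement the external-email flag together with a few of the impersonation signs described under whaling tactics, as an added example that is not part of the original article or of any Heimdal product. The internal domain, the executive names and the two sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
# Assumed values for this example: the company domain and executives' names.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe", "john smith"}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def lookalike(domain):
    """True if domain is one character edit away from an internal domain."""
    for real in INTERNAL_DOMAINS:
        short, i, j = min(len(domain), len(real)), 0, 0
        while i < short and domain[i] == real[i]:                # common prefix
            i += 1
        while j < short - i and domain[-1 - j] == real[-1 - j]:  # common suffix
            j += 1
        # whatever is left between prefix and suffix is the edited part
        if domain != real and max(len(domain), len(real)) - i - j <= 1:
            return True
    return False

def assess(raw):
    """Return (flags, tagged_subject) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    flags = []
    if from_dom not in INTERNAL_DOMAINS:
        flags.append("external")
        if name.strip().lower() in EXECUTIVES:   # executive name, outside address
            flags.append("exec-name-external-address")
        if lookalike(from_dom):
            flags.append("lookalike-domain")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:   # replies go somewhere else
        flags.append("reply-to-mismatch")
    subject = msg.get("Subject", "")
    if "external" in flags and not subject.startswith("[EXTERNAL]"):
        subject = "[EXTERNAL] " + subject
    return flags, subject

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\n"
           "Reply-To: jane.doe@mail.test\n"
           "Subject: Urgent: payroll export needed today\n\nSend it now.\n")
INTERNAL = ("From: John Smith <john.smith@example.com>\n"
            "Subject: Q3 planning\n\nAgenda attached.\n")

if __name__ == "__main__":
    print(assess(SPOOFED), assess(INTERNAL))
```

These checks read the visible From header, so they catch outside senders, display-name impersonation and look-alike domains; a message that forges the exact internal domain has to be rejected by SPF, DKIM and DMARC enforcement at the mail gateway.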

Establish a verification process 

One way of making sure your company won’t fall for a whaling attack is to tell everyone to double-check any email that seems suspicious. If it’s from within the business, there should be no hesitation to call the sender or even talk to them face to face.

Ensure the appropriate security measures 

The most important solutions you should have as part of your security strategy are an antivirus, a firewall, and email security software. Heimdal™ Security can help you with all of them – you could try our Endpoint Security Software and our email security solutions: Heimdal™ Email Security and Heimdal Email Fraud Prevention.


Heimdal™ Email Security can stop malware, stop malicious links, prevent phishing, prevent ransomware by offering server-based email protection: this means it scans the emails before they get to your device and before they ever reach your inbox. Everything happens in the cloud, at the server level. Heimdal™ Email Security is particularly useful also because it can help you prevent spreading spam from inside your network to other users, but if you also want to spot CEO fraud and prevent any whaling attack, Heimdal™ Email Fraud Prevention should be your best friend. 


By using 125 detection vectors to keep your email safe, Heimdal™ Email Fraud Prevention can detect CEO and financial mail fraud, spot Insider Business Email Compromise, discover imposter threats, but also advanced malware emails. Among the most important vectors of detection, we mention phraseology changes, IBAN / account number scanning, attachment modification, link execution and scanning, man-in-the-email detection.

Make sure you have an incident response plan 

In order to mitigate the consequences of a cyberattack, companies should have “a maintained plan, concrete roles and responsibilities, lines of communication, and established response procedures. These are the necessary stepping stones that would allow it to appropriately address the bulk of incidents it would likely see.” 

What is whaling – wrapping up 

Whaling is a dangerous email security threat, but also one that can be avoided by paying a little attention and having the right security solutions in place. 

Whatever you choose, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!
