SkipToMainContent

Emerging Threats

Whaling attack: What it is + whaling protection tips

A professionally dressed man sits in a coffee shop researching ways to protect himself from a whaling attack.

January 6, 2022

A whaling attack is a type of phishing technique used to impersonate high-level executives in the hopes of stealing a company’s money or sensitive data from another high-level executive.  Also known as “executive phishing,” hackers use emails, fake websites, and other forms of social engineering to trick executives into handing over valuable information. And with Levitas Capital, an Australian hedge fund, being one victim of whaling in 2020 — losing about $800,000 — now might be a good time to learn more about the dangers of whaling and how to protect yourself and your business. 

Here, you’ll learn how to do just that by educating yourself on whaling attacks. You’ll get to understand different whaling attack techniques used by today’s cybercriminals along with whaling attack protection tips you can use to secure your company’s data and servers. We’ve also provided answers to common questions such as, “How does a whaling attack work?” and “Who do whaling attacks target?”

How does a whaling attack work?

Three illustrations accompany the differences between phishing, spear phishing, and whaling attacks.


Despite what its name suggests, whaling isn’t this larger-than-life beast that’s difficult to understand. In fact, we can break it down into three simple steps:  

  1. A hacker identifies a top executive to target and gathers information on them via social media and other public platforms.
  2. The hacker creates a fake but professional business email account.
  3. The hacker uses the fake account to send phishing emails to the executive, trying to corrupt their computer and network to steal sensitive data or money. 

Whaling can sometimes be confused with phishing and spear phishing. While the hacker's approach is similar, these are different types of cyberattacks, and it all comes down to who the cybercriminals are targeting.      

  • Whaling vs. phishing: Unlike whaling, phishing cyberattacks target large groups of people rather than a specific individual. 
  • Whaling vs. spear phishing: While spear phishing attacks target specific individuals, whaling attacks only zero in on high-level executives. 

3 common whaling attack techniques 

Fake email domains, wire requests, and a sense of urgency to messages are the main indicators of a whaling attack. However, for a better idea of how cyberthieves carry out these malicious attacks, here are some of the whaling techniques used today.

1. Whaling via email corruption

An example of a whaling attack email accompanies a useful tip to help identify this type of cyberattack.


With the average user receiving about 16 phishing emails per month, these digital messages are the primary vehicle for executing whale attacks. After making a thoughtfully crafted fake email layout, hackers use the credibility of other businesses to trick high-level employees into sending over confidential data or completing wire transfers.      

  • Whaling prevention tip: Confirm urgent requests by getting in touch with the sender via alternate communication channels.

2. Whaling via social media  

Social media can be great for those looking for information — but not so great for people looking to hide it. When executives create Instagram or Facebook accounts, they should be aware of the information they make public. Hackers often use professional profiles to find work emails they can repurpose for their whaling efforts.      

  • Whaling prevention tip: Avoid listing your primary work email on public profiles for people to find. 

3. Whaling with phone verification 

Noticed more recently is a new technique whereby hackers follow up their whaling email with a phone call. If the call is answered, the hacker attempts to verify that the targeted employee received their email and further emphasize the importance of the request made in their message.      

  • Whaling prevention tip: Verify urgent requests with workers handling that specific project.

Consequences of a whaling attack 

Most people concerned with the cybersecurity of their business recognize the danger of whaling. For more perspective, here are some of the potential consequences of a whaling attack:      

  • Data loss: Clicking on malicious links or attachments included in whaling emails could corrupt your business’s network with malware sent to steal or destroy confidential customer data or intellectual property.      
  • Revenue loss: With billions of dollars in losses reported due to the business email compromise (BEC), companies should be aware of the financial risks associated with whaling attacks. One of the main uses of whaling for hackers is to get high-level employees to wire money from their company’s account to their own.
  • Customer distrust: Businesses have a responsibility to protect the data entrusted to them by their customers. Failing to do so could lead to customers losing their confidence in the business, potentially affecting its reputation and sales.

Whaling attack protection tips

Nine illustrations accompany whaling attack prevention tips to help protect sensitive information.


Use these whaling attack protection tips to equip yourself with the protocols, tools, and resources that can help protect your company — and customers’ — data and money.

Establish employee data security trainings  

Employee training around data security is crucial for your defense against emerging threats like whaling attacks. With all employees educated on the malware and hacking techniques used to corrupt their systems and data, cybercriminals will have a much harder time tricking employees, especially high-level ones, into handing over resources.

Use antivirus software and tools 

Investing in antivirus and/or anti-phishing tools is a great idea for those interested in boosting their cybersecurity against whaling attacks. Features such as spam filtering and malicious file and URL detection work to spot potential threats to your network when they appear.

Create data protection policies 

Data protection policies allow employees to have a formal set of guidelines in regards to what actions will keep the company’s information safe from cyberthreats. Such policies could restrict people from sending files to personal email accounts and/or require people to avoid public Wi-Fi when logging into cloud storage systems.

Offer social media guidance for executives 

Companies should provide executives guidance on how to safely operate social media accounts to safeguard company information. The increased exposure to prying eyes that comes with these platforms make executives prime targets for whaling and other social engineering attacks.

Verify links and sender addresses

Always double-check the hyperlinks included in emails sent to your inbox to help avoid whaling attacks. A quick way of doing this is using your mouse to hover over the link and reviewing the full URL attached. If it looks suspicious, avoid clicking on it.

Also remember that you don’t have to click on the links included in the email messages — you can also go directly to the site to find the credible link yourself.

Avoid creating unnecessary accounts 

You may surprise yourself when you realize how much of your information is online. Every time you post on social media or fill out a personality quiz on the internet, more of your personal information gets put on the web. And before you know it, hackers know enough about you to compile your information to sell on the dark web for profit.    

Avoid this by only signing up for social media platforms, apps, and other online accounts that you intend to use regularly. 

Protect your personal information 

Keeping your personal information safe is key to avoiding different types of phishing scams. By not oversharing on social media — and even company online bios — you can make it more difficult for phishers to get ahold of your data.

You also have the ability to change your privacy settings on your devices and online accounts to ensure only specific people can view your information. 

Update software regularly

It’s important to ensure the devices you use daily are up to date on the latest security patches that help prevent hackers from using whaling to compromise your devices and information. A good trick is to enable automatic updates to take the work out of remembering to check regularly.

Have next steps in place 

If you happen to realize you clicked on a link resulting in a whaling attack, here are the next steps you should take:

  1. Disconnect from Wi-Fi: Shutting off your Wi-Fi or disconnecting your Ethernet cable can help stop the spread of infectious malware.
  2. Back up your data: Backing up your data is a standard cybersecurity best practice, but it becomes even more important in the event of a whaling attack. Using external hard drives to store data can ensure you have duplicates if a hacker deletes your files.
  3. Reset your passwords: If a hacker is able to gain access to one of your accounts, it’s a possibility that they’ll find their way into others. If you sense a hacker has compromised one of your online accounts, reset all of your passwords immediately and consider enabling two-factor authentication.
  4. Scan device hardware: Use security software to scan, identify, and destroy dangerous malware hiding in your system. 

Using the information and tips provided here can make noticing a whaling attack easier than spotting a humpback in the Pacific. After all, protecting your online privacy — and also your company and customers — all begins with educating yourself on the threats attempting to compromise it. 

Whaling attack FAQs

Here are answers to some of the most frequently asked questions about whaling attacks.

Who do whaling attacks target? 

Whaling attacks target high-profile company executives, such as chief executive officers and chief financial officers.

What is an example of a whaling attack? 

An example of a whaling attack took place in 2020 when an Australian hedge fund co-founder clicked on a fake Zoom link that corrupted his system and led to him losing $800,000.

What is whaling vs. phishing? 

Phishing is a broad term that encompasses cyberattacks that use social engineering to trick users into handing over private information. Whaling refers to phishing attacks targeting high-ranking business professionals. 

What type of cyberattack is whaling? 

Whaling is a form of spear phishing. And while spear phishing attacks target specific individuals, whaling attacks specifically target high-level executives.

How do I recognize a whaling attack? 

Signs of a potential whaling attack include:

  • Fake email domains
  • Wire requests
  • A sense of urgency to act quickly

How do I report a whaling attack? 

You can report whaling attacks to organizations like the Federal Trade Commission and Cybersecurity and Infrastructure Security Agency

Cyber threats have evolved, and so have we.

Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.

Try Norton 360 with Lifelock.


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.