What is whaling phishing? How does it work?

Whaling phishing is a type of email scam where criminals pose as representatives from legitimate organizations, such as banks or shipping companies, in order to obtain personal information from victims. The information typically sought includes login credentials for online services such as bank accounts or email addresses.

Whaling phishing is a type of cybercrime in which criminals trick people into giving up their personal information by posing as representatives from reputable organizations, such as banks or airlines, and asking for personal details such as account numbers or passwords.


It is a type of cybercrime in which criminals use fake websites or emails to trick people into disclosing personal information. This information can be used to steal identities and commit other crimes.

5 Types of phishing

Phishing is among the top cyber threats that companies face. According to Proofpoint's State of the Phish report, over 80 percent of businesses suffered a phishing attack this year.

One of the most frustrating aspects of this is that most people are aware of phishing and how it works, yet many still fall victim to it.


This is due to the increasing sophistication of phishing scams. They may all have the same aim, which is to take our personal information or get into our devices, but there are many ways to achieve it.

On this page, we will look at five commonly used kinds of phishing to help you recognize the indicators of a scam.

The five most popular kinds of phishing attacks

  • Email phishing. The majority of phishing scams are delivered through email.
  • Spear phishing. This is one of two other, more sophisticated kinds of phishing that involve email.
  • Whaling. Whaling attacks are even more targeted, aimed at top executives.
  • Vishing and smishing.
  • Angler phishing.

Email phishing

Email phishing is by far the most frequent kind of phishing scam, to the point that people use the term to refer to phishing as a whole. It is estimated that more than 50% of all emails sent out contain some form of phishing scam.

These emails can differ in content, but they usually pretend to be from a legitimate company or an individual that the company is in business with regularly. Fake password resets, fake invoices, and false shipping updates are some of the most frequent forms of email phishing.

Spear Phishing

There are two other, more sophisticated kinds of phishing that use email.

The first one, spear phishing, refers to malicious emails that are sent to a particular person. Criminals who use this method are likely to have all of the following details about the victim:

  • Name of the group;
  • Place of employment;
  • Job title;
  • Email address;
  • Specific information regarding their role.

The following example shows how much more credible spear-phishing scams are than more conventional scams.

The criminal is able to address the person by name, and (presumably) is aware that the job they perform involves transferring funds to banks for the company.

The casualness of the email could also suggest that the person who sent it is a native English speaker. This creates the impression that it is a genuine message rather than an automated template.


Whaling

Whaling attacks are even more targeted, aiming at executives in the top ranks. While the goal of whaling is the same as that of any other type of phishing attack, the method is typically more subtle.

Tricks such as fake links and malicious URLs are not useful in this situation, as the criminals are trying to imitate senior management.

Whaling emails also often use the pretext of a busy CEO who wants an employee to do them a favor.

Emails like this may seem less sophisticated than spear-phishing emails; however, they exploit employees' readiness to obey the instructions of their bosses. Some recipients may suspect that something is wrong but feel unable to confront the sender and suggest that they are being unprofessional.
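As an added illustration (not part of the original article), the Python sketch below shows how a mail filter could flag the traits described above: an executive's display name on an outside address, a busy-boss pretext, and no links for a URL filter to catch. The domain, executive names, keyword list and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: the organisation's domain and executive names.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"dana whitfield", "omar reyes"}  # hypothetical names
PRETEXT = re.compile(r"\b(urgent|favou?r|in a meeting|wire|gift cards?|confidential)\b", re.I)
URL = re.compile(r"https?://", re.I)

def whaling_signals(raw):
    """Return the executive-impersonation signals found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    # A senior person's display name on an address outside the organisation.
    if " ".join(name.lower().split()) in EXECUTIVES and domain != ORG_DOMAIN:
        signals.append("exec-name-external-domain")
    # Replies are steered to a different domain than the visible sender.
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        signals.append("reply-to-mismatch")
    if PRETEXT.search(msg.get("Subject", "") + " " + body):
        signals.append("busy-executive-pretext")
    # No links at all: a URL filter has nothing to inspect in this message.
    if signals and not URL.search(body):
        signals.append("no-links")
    return signals

# Constructed sample messages (not real mail).
SPOOFED = """From: Dana Whitfield <ceo-office@example.net>
Reply-To: dana.w@example.org
To: finance@example.com
Subject: Quick favor

I'm in a meeting and can't talk. I need you to handle a wire for me today.
"""
GENUINE = """From: Dana Whitfield <dana.whitfield@example.com>
To: finance@example.com
Subject: Q3 budget review

Agenda for Thursday is at https://intranet.example.com/budget
"""

if __name__ == "__main__":
    print(whaling_signals(SPOOFED))
    print(whaling_signals(GENUINE))
```

Signals like these are best used to add a warning banner or route the message for review, since a genuine executive may occasionally write from a personal address.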

Smishing and vishing

With smishing and vishing, phones replace email as the means of communication.

Smishing is when criminals send text messages (the content of which is much the same as in email phishing), whereas vishing involves an actual phone call.

One of the most popular smishing scams involves messages supposedly from your bank alerting you to suspicious transactions.

Angler phishing

Angler phishing is a type of cybercrime that involves criminals posing as trustworthy entities, such as online merchants or even legitimate organizations, in order to induce victims to disclose personal information. This type of attack has become increasingly popular in recent years, as criminals have realized that many people are willing to divulge personal information over the Internet.


Julia Mate