In urgent need of assistance from our Incident Response team? Click below to email directly and get support.
Get Support
Set up regular vulnerability scans for Web Apps & Infrastructure with our innovative SecurePortal
Learn More
PTaaS Packages For All Businesses
Distribute, manage and monitor remediation tasks effortlessly with PTaaS, powered by SecurePortal
View PTaaS Options
Need Our Assistance?
We now offer Incident Response Retainers helping you reduce damage from a cyber attack
Read
What is Whaling?
What is Whaling?
In a previous blog post, we explained the basics of Phishing. This post will go into detail on another type of Social Engineering called Whaling.
Whaling is a type of Phishing attack that is targeted towards high-profile individuals. This may be people such as Corporate Executives, Politicians or Celebrities. In this case, the directed phishing email will take a more serious executive-level form. The content of the email is often written as a legal document, customer complaint, or executive issue.
Whaling emails are designed to mimic business critical emails, and usually involve some kind of company-wide concern. Attackers may also forge legal documents.
How Does Whaling Put You at Risk?
As the email appears to be a business or legal concern, it is very difficult to ignore. It adds a sense of urgency to the email, meaning that the victim is less likely to notice the signs of Phishing.
In addition, the emails often have forged documents attached to them. The email may claim that the user needs to download software to view it, and this will be a form of malware. Similarly, the email may lead to a log-in portal, where the victim’s data can be stolen.
Senior executives within an organisation are also a target as they may have received less Security Awareness training than the general employees within the business.
How Can you Protect Yourself from Whaling?
- Check the sender of the email.
- Hover over any links in the email to see where it will go.
- Check for any spelling or formatting mistakes.
- Search Anti-Phishing sites to see if the sender/content of the email has been marked as a scam.
- Follow up on suspicious emails with the company they claim to be from.
Pentest People have a full Phishing Platform that can be used as part of a Social Engineering engagement. Be sure to get in touch with us if this is something of interest.
Video/Audio Transcript
Learn Something New
Have a read of our blogs written by industry experts, covering topics from all areas in cyber.
Meeting Compliance With Threat Intelligence
This blog covers the basics of Threat Intelligence and how you can meet compliance by adding a Threat Intelligence solution into your defences. SecurePortal 2.10 now helps customers comply with ISO27001, DORA & PCI DSS with Real-Time Threat Intelligence and its free! Read our blog for more information.
SecurePortal 2.10 - Introducing Threat Intelligence
Stay ahead of global cyber threats with our powerful new Dashboard. Access over 30 live feeds for real-time, industry-specific insights. Customise your view to focus on what matters most, and empower your team with actionable intelligence. Enhance your situational awareness, streamline reporting, and meet compliance requirements—all through our user-friendly interface. Equip your organisation to proactively address risks and strengthen your security posture.
Cyber Security Trends to Look Out For in 2025
Dive into the future of cyber security as we gear up for 2025. We'll explore how AI is set to redefine threat detection, making it smarter and faster. As we become more connected, securing supply chains against vulnerabilities is more important than ever. Plus, with the rise of hybrid work environments, zero trust architecture is becoming a must-have to keep everything locked down and secure. It's all about staying one step ahead of the curve, so let's unpack what your organisation can do to tackle these challenges head-on and keep your digital world safe.
.svg)
.webp)
