The CEO of Crucial Technologies contacts the help desk to inquire about emails he has been receiving. The messages appear to come from the IT department and urge him to click a link to reset his password following a supposed compromise. Each email addresses him by name and title, but they contain several spelling and grammar errors. No other employees have reported similar messages. What type of social-engineering attempt is taking place?
The correct answer is Whaling. A whaling attack is a specialized form of spear phishing directed at high-value executives (the "whales") and often includes personalized details such as the target's name or title to appear credible.
Vishing uses voice calls or VoIP to trick victims into revealing information and is not delivered by email.
Tailgating is a physical-access social-engineering tactic in which an unauthorized person follows an authorized individual into a secure area.
Evil twin involves a rogue Wi-Fi access point masquerading as a legitimate network to intercept data.
Because the emails specifically target the CEO with personalized phishing content, they fit the definition of whaling.