A company's Chief Financial Officer (CFO) receives an email that appears to be from the Chief Executive Officer (CEO). The email uses the CEO's name and contains specific, accurate details about an upcoming quarterly financial report. The message urgently asks the CFO to wire funds to a new vendor to complete a sensitive, time-critical acquisition. A later investigation reveals this was an attempt to steal company funds. Which type of attack BEST describes this scenario?
The correct answer is whaling. Whaling is a specific type of phishing attack that targets high-profile individuals within an organization, such as C-level executives (the 'big fish'). These attacks are highly personalized, using specific details relevant to the target to appear legitimate, as seen in the scenario where the email mentioned a real financial report. The goal is often to trick the executive into making a high-value financial transfer or divulging sensitive information.
Spear phishing is a targeted attack aimed at a specific individual, and while this scenario is a form of spear phishing, 'whaling' is the more precise term because the target is a high-level executive.
Vishing is incorrect because it involves social engineering over voice calls, not email.
Typosquatting is a different type of attack where a threat actor registers a domain name that is a common misspelling of a legitimate site to lure in users who make a typing error.