{"id":3546,"date":"2025-03-26T07:39:39","date_gmt":"2025-03-26T06:39:39","guid":{"rendered":"https:\/\/enthec.com\/?p=3546"},"modified":"2025-03-26T07:39:39","modified_gmt":"2025-03-26T06:39:39","slug":"whaling-the-attack-that-targets-senior-executives-and-keys-to-avoid-it","status":"publish","type":"post","link":"https:\/\/enthec.com\/en\/whaling-the-attack-that-targets-senior-executives-and-keys-to-avoid-it\/","title":{"rendered":"Whaling: the attack that targets senior executives and keys to avoid it"},"content":{"rendered":"

Although we don’t always consider it, cybercriminals often look for the most influential people within a company: senior executives. Why? Because they have access to critical information, handle large amounts of money, and, in many cases, <\/span>are not as prepared in terms of digital security as they should be.<\/span><\/b> <\/span><\/p>\n

This is where<\/span> whaling<\/span><\/b> comes into play,a type of attack aimed at a company’s senior executives, who can approve millionaire transfers or know sensitive data without too many obstacles. And, although it may not seem like it, these attacks are more common than we think. <\/span> <\/span><\/p>\n

To combat this threat, solutions such as<\/span> Qondar<\/span><\/a> by Enthec help detect and prevent impersonation attempts and fraud targeting senior executives, strengthening the company’s security against attacks such as whaling.<\/span> <\/span><\/p>\n

What is whaling and how does it work?<\/span><\/b> <\/span><\/h2>\n

The term whaling comes from the word<\/span> whale<\/span><\/i>. This attack targets influential company personalities, <\/span>such as managers, CEOs, CFOs, and others with access to strategic information.<\/span><\/b> <\/span><\/p>\n

It consists of an advanced form of <\/span>phishing<\/span><\/a> where <\/span>attackers impersonate someone and trust to trick the victim into performing a harmful action, <\/span><\/b>such as approving a transfer or sharing login credentials.<\/span> <\/span><\/p>\n

Criminals often employ several strategies:<\/span> <\/span><\/p>\n

    \n
  1. Spoofed emails.<\/span><\/b>They develop spoofing techniques to make an email appear from the CEO, a trusted partner, or even an official body. <\/span> <\/span><\/li>\n<\/ol>\n
      \n
    1. Attacks man in the middle.<\/span><\/b>They intercept communications between managers or employees to modify messages and obtain valuable information. <\/span> <\/span><\/li>\n<\/ol>\n
        \n
      1. Social engineering.<\/span><\/b>They collect information from the victim on social networks or leaked databases to make their attacks more credible. <\/span> <\/span><\/li>\n<\/ol>\n

        Unlike common phishing, which sends mass emails hoping that someone will fall for it,<\/span> whaling is a personalized and well-crafted attack<\/span><\/b>.<\/span> <\/span><\/p>\n

        A real case of whaling<\/span><\/b> <\/span><\/h3>\n

        Imagine you’re the CFO of a company. You receive an email from the CEO asking you to urgently approve a transfer of \u20ac250,000 to an account in another country to close an important deal. The message is well written, with the signature and tone that the CEO usually uses. He even has an answer above that seems authentic. <\/span> <\/span><\/p>\n

        You will have fallen into the trap if you have no doubts and make the transfer without checking it with a call or a second channel. Days later, you will discover that the CEO never sent that message and that the money has been lost in a network of accounts that are impossible to trace. <\/span> <\/span><\/p>\n

        This is not science fiction: companies of all sizes have lost millions to these attacks.<\/span><\/p>\n

         <\/p>\n

        \"whaling<\/p>\n

         <\/p>\n

        The relationship between whaling and the man-in-the-middle attack<\/b><\/h2>\n

        One of the most sophisticated methods cybercriminals use in whaling is the<\/span> Man in the Middle (MITM) attack.<\/span><\/a> <\/p>\n

        In this attack, hackers<\/span> communicate between two parties<\/b> (e.g., between a manager and an employee) and manipulate messages without victims noticing.<\/span><\/p>\n

        How does a man-in-the-middle attack work in cybersecurity?<\/b><\/h3>\n

        The attacker can:<\/span><\/p>\n