Phishing is the act of deceiving a computer user into submitting personal information by constructing a fake website that appears to be legitimate. The recipient is duped into opening a malicious link, which can result in malware installation, system freezing as part of a ransomware assault, or the disclosure of sensitive information.
Phishing is a sort of friendly design assault regularly used to take client information, for example, login certifications and charge card numbers. When an attacker poses as a trusted entity and convinces the victim to open an email, instant message, or text message, this is known as phishing.
Variations of Phishing Attacks
- SPEAR PHISHING- The deceptive practice of sending emails seeming to be from a known or trustworthy sender in order to persuade recipients to give sensitive information.
- WHALING – A way of impersonating a senior employee and directly targeting senior or other significant employees with the intent of stealing money or sensitive information or gaining access to their computer systems for illegal purposes. A typical variation of a phishing attack sends phishing messages only to wealthy individuals.
- EMAIL PHISHING- E-mail phishing usually appears to be from a well-known organization and requires personal information such as credit card numbers, social security numbers, bank account numbers, passwords, etc.
- SMISHING – When someone uses a text or SMS message to deceive you into giving them your personal information.
- VISHING-Phishing on the phone is known as VISHING. It is defined as the use of the telephone to deceive a user into divulging personal information that will be utilized for identity theft.
Whaling is a phishing assault that targets an organization’s senior executives because the victim is considered high-value and the stolen information is more valuable than what a typical employee could supply. This is a variation of a phishing attack sends phishing messages only to wealthy Individuals.
The purpose of this whaling attack is to use social engineering, email spoofing, and content spoofing to deceive someone into exposing personal or corporate information. For example, the attackers may send the victim an email that appears to come from a reliable source; some whaling campaigns even include a specially designed malicious website established specifically for the attack.
A notable whaling attack occurred in 2016 when a senior Snapchat executive received an email from an attacker disguised as the CEO. The employee was tricked into providing salary information to the attacker. Eventually, the Federal Bureau of Investigation (FBI) investigated the attack.
This post was created to help our readers understand Whaling phishing and how it is carried out on people who have a lot of money. You can forward our blog to someone you believe will benefit from reading it.