Another Fishing synonym – CEO Whaling

Part 1: 5 phishing tactics that are threatening UK Businesses

Be vigilant to CEO fraud known as whaling

As IT departments tighten their network security, cyber criminals are now focusing on the next weak link in business defences – employees.

Of the 95,000 phishing email scams reported by Action Fraud in 2015, many were tailored to fool company staff – leading to malware and ransomware infections, as well as data and financial theft.

In this series of blog posts we’ll look at five types of phishing email that have the potential to cripple your business. This first post looks at CEO fraud, also referred to as ‘whaling’.

CEO fraud is a spear phishing technique that can have a disastrous financial effect on businesses. Fraudsters impersonate company bosses – typically CEOs, CFOs or financial directors – and ask finance personnel to make urgent bank transfers.

Other variations of spear phishing can include emails directed at HR staff requesting employee payroll data, or at administrators in health care organisations requesting medical records. All seemingly come from colleagues within the same organisation.




An example of CEO fraud – whaling

CEO fraud has resulted in many high-profile casualties including Michelin, French Connection, Nestlé, KPMG, Ubiquiti and Snapchat.

One of the most recent victims was American toy-maker Mattel, where an unsuspecting finance executive wired $3 million to a Chinese bank account, believing the request was made by the company’s CEO.

Fraudsters not only spoofed the Mattel CEO’s email address, they also exploited a period of management change to their advantage – so that the victim had fewer approvals to obtain before wiring the money.

Whalers don’t just target big corporations. SMEs are also regularly targeted, as in the case of French industrial company Etna Industrie, where the company’s accountant was pressurised into making several ‘urgent’ bank transfers totalling £372,000.




How to protect your business from spear phishing

  • Simulate a targeted spear phishing attack with PhishAware
  • Use the results to review existing processes for transferring funds or releasing confidential information.
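
A review of the funds-transfer process can be backed by a mail-filter check for the pattern described in this post: an executive's name on the message, a spoofed or lookalike sender, and an urgent payment request. The sketch below is an added example, not part of the original post or of PhishAware; the domain, executive names, keyword lists and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: the organisation's domain and executive names.
ORG_DOMAIN = "example.co.uk"
EXECUTIVES = {"jane smith", "tom patel"}
PAY = r"\b(transfer|wire|payment|bank)\b"
RUSH = r"\b(urgent|immediately|today|confidential)\b"
URGENT_PAYMENT = re.compile(f"{PAY}.*{RUSH}|{RUSH}.*{PAY}", re.I | re.S)

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def whaling_indicators(raw_message):
    """Return the reasons a message resembles the CEO fraud pattern."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reasons = []
    # An executive's name attached to an address outside the organisation.
    if " ".join(name.lower().split()) in EXECUTIVES and domain_of(from_addr) != ORG_DOMAIN:
        reasons.append("executive display name on external address")
    # A forged internal From address still needs replies routed elsewhere.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        reasons.append("Reply-To domain differs from From domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    if URGENT_PAYMENT.search(f"{msg.get('Subject', '')}\n{body}"):
        reasons.append("urgent payment request")
    return reasons

# Constructed sample messages, not real mail.
SPOOFED = ("From: Jane Smith <jane.smith@example.co.uk>\n"
           "Reply-To: jane.smith@examp1e-mail.test\n"
           "Subject: Urgent transfer needed\n\n"
           "Please wire the payment today and keep this confidential.\n")
LOOKALIKE = ('From: "Jane Smith" <ceo@example-co-uk.test>\n'
             "Subject: Quick favour\n\n"
             "I need a bank transfer made immediately.\n")
BENIGN = ("From: Jane Smith <jane.smith@example.co.uk>\n"
          "Subject: Board meeting agenda\n\n"
          "Agenda attached for Thursday.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("benign", BENIGN)):
        print(label, whaling_indicators(raw))
```

These are heuristics for routing a message to a second approver or a call-back check, not a verdict on their own; ordinary mail that mentions a payment and a deadline will also match the keyword rule.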
