Whaling is a type of phishing attack that targets high-level executives or other “big fish” within an organization—like CEOs, CFOs, or directors. The goal is to trick them into revealing sensitive information, approving fraudulent transactions, or clicking malicious links, often by impersonating a trusted colleague, partner, or authority figure.
Unlike basic phishing, whaling emails are usually well-crafted and personalized, making them harder to detect. Because the targets have access to critical systems and funds, a successful whaling attack can lead to serious financial and reputational damage.