What is whaling?
Whaling is a highly targeted phishing attack aimed at senior executives — the 'big fish'. Because leaders can authorize payments and access sensitive data, attackers craft convincing, personalized messages to trick them into transferring funds or revealing confidential information.
How whaling works
Whaling combines deep research with impersonation. Attackers study an executive's role, travel, deals and contacts, then send a message that fits their world — a board matter, an acquisition, a legal request — to lower their guard.
It often overlaps with business email compromise: the attacker either impersonates the executive to others, or targets the executive directly.
Why executives are targeted
Executives have authority, access and time pressure — and assistants who act on their behalf. A single successful whaling email can move large sums or expose the most sensitive data in the company.
How to prevent whaling
- Verify high-value requests out-of-band, even when they come from leadership.
- Give executives and their assistants targeted, realistic simulation training.
- Require dual approval for large payments and sensitive data access.
- Reduce the personal detail exposed publicly that attackers use for research.
How HookPhish helps
HookPhish uses Advanced Human Detection to deliver realistic, role-appropriate simulations to your highest-risk people — including executives and finance.
Frequently asked questions
What's the difference between whaling and spear phishing?
Whaling is a form of spear phishing that specifically targets senior executives, who have the most authority and access.
Why is whaling so dangerous?
Executives can authorize payments and reach sensitive data, so one successful whaling attack can cause outsized financial or data loss.
How do I protect executives from whaling?
Combine out-of-band verification and dual approvals with targeted simulation training for leaders and their assistants.