By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Start Your Business Magazine
Sunday, Jul 12, 2026
  • Connect:
  • Podcasts
  • Get the Book!
  • Contacts
  • Starting Up

    Starting Up

    a guide to starting a business

    • Business Planning
    • Business Ideas
    • Startup Checklists
    • Company Formation
    Reading: Whaling:
    • Business Banking
    • How to Guides
    • eCommerce
    Reading: Whaling:
  • Funding

    Funding

    raising finance and managing cashflow

    • Start Up Funding
    • Grants
    • Business Angels
    • Venture Capital
    Reading: Whaling:
    • Venture Debt
    • SEIS/EIS
    • Growth Capital
    • Bridging Loans
    Reading: Whaling:
    • Commercial Mortgages
    • Invoice Finance
    • Merchant Cash Advance
    Reading: Whaling:
    Get Quotes
  • Running

    Running

    managing a small business

    • Advertising
    • Social Media
    • Email Marketing
    Reading: Whaling:
    • Card Machines
    • Payment Gateway
    • Payments by Phone
    Reading: Whaling:
    • Remote Working
    • Serviced Offices
    • Virtual Office
    Reading: Whaling:
  • Growing

    Growing

    scale and grow your business

    • Scaling
    • Finance
    • Technology
    Reading: Whaling:
    • Accounting
    • Manufacturing
    • Tax
    • Marketing
    Reading: Whaling:
    • Import Export
    Reading: Whaling:
  • SME Update

    SME Update

    the latest news and expert advice

    • Lastest
    • Business Experts
    • Blogs
    • Business Advice
    Reading: Whaling:
    • Interviews
    • Books
    • Events
    • Agenda
    Reading: Whaling:
    • Wellbeing
    • Women in Business
    Reading: Whaling:
Reading: Whaling:
Newsletter
Font ResizerAa
Start Your Business MagazineStart Your Business Magazine
  • How To
  • Books
  • Podcasts
  • Interviews
Search
  • Agenda
  • Contact Us
  • Book Review
  • Blogs
  • Finance
  • Growing Business
  • How To
  • Interviews
  • Categories
    • Marketing
    • Startups
    • Advertising
    • Market Trends
    • Tech Moves
  • Marketing
  • SME Update
  • Starting Up
  • Technology
  • Wellness
  • Contact

Trending →

Investing in ETFs

Marketing Agencies

How to Start a Building Material Business

Communicate Better

The Strawman Theory Explained

Follow US
Start Your Business Magazine > Blog > Technology > Whaling:
Technology

Whaling:

Start Your Business
Share
6 Min Read
Digital whale in the ocean of cryptocurrencies on its way to the moon. Whale is a term that refers to individuals or entities that hold large amounts of cryptocurrency.
SHARE

The cyber attack targeting senior executives

Every business has heard of phishing attacks, the scam emails used by hackers to gain user credentials or financial information, but less well-known is ‘whaling’ – highly-targeted attacks aimed at the ‘big fish’ of an organisation.

Contents
  • How to recognise a whaling attack:
    • Emails are sent from a spoof domain name
    • The message tries to make you act quickly
    • They don’t want to speak on the phone
    • Updated payment instructions are given
    • What should employees do in the event of a whaling attack?
    • How to prevent a whaling attack:

Also known as CEO fraud, in a typical whaling attack, a hacker will masquerade as a senior member of a company and communicate with their employees asking them to send urgent payments or sensitive information.

Cyber security experts are concerned that whaling is on the rise. Anthony Green, CTO of cyber security firm FoxTech, discusses this issue and explains how to spot a whaling attempt:

“In recent years there has been an increase in the scale and sophistication of whaling attempts. The UK Cyber Security Breaches Survey 2022 saw businesses report that impersonation attempts were the second most common type of breach or attack they had faced in the last 12 months, with phishing being the most common.

“While phishing emails are often indiscriminate and unresearched – making them easier to spot – whaling attacks can be personalised, convincing and easy to fall for. Hackers often spend weeks gathering information to create a believable impersonation – studying the language and communication style of their target and finding out which employees regularly respond to requests from that person, and wouldn’t be surprised to receive an urgent communication.”

How to recognise a whaling attack:

Emails are sent from a spoof domain name

Hackers will try to make whaling emails look as legitimate as possible, including company graphics and spoof email addresses that look real at first glance – but contain minor differences. Look out for added or removed full stops that do not follow your company norm, like john.smith@company.com becoming johnsmith@company.com. Another common tactic is using ‘r’ and ‘n’ together to look like an ‘m’ – so markbrown@company.com becomes rnarkbrown@company.com. Whaling attacks are not always carried out via email. Hackers may claim to be a senior executive over platforms like text, WhatsApp or Slack. Be alert to messages from unknown numbers, and be wary of excuses such as a lost phone or deleted account.

The message tries to make you act quickly

Hackers rely on victims feeling compelled to act immediately, and without consulting the person the message claims to be from.

Any sense of urgency, such as marking the message as ‘important’ or ‘urgent’ in the subject line, a hurried tone, or demands for a quick payment could all be a sign that the demand is illegitimate.

They don’t want to speak on the phone

Be suspicious of any excuse regarding not being able to speak on the phone, such as lost signal, or being in a meeting, as this could be a sign that the communication is from a cyber criminal who doesn’t want to blow their cover.

Updated payment instructions are given

Whaling attacks will often involve the hacker giving an employee ‘updated payment instructions’, or making a request that money is sent to a different account for any reason. If a hacker has done their research, they may know about a real payment that is due to take place and use this information to make their request seem legitimate.

What should employees do in the event of a whaling attack?

Anthony comments:

“If you suspect an email is suspicious, do not respond. Instead, call the person the message claims to be from to confirm the legitimacy of the request. Do not proceed with any action until you have verbal confirmation. If you discover that the message was not legitimate, alert your entire company to the attack attempt, including all relevant details. Hackers will often target more than one employee so this can prevent someone else falling for the same attack.”

How to prevent a whaling attack:

“Strengthening your overall cyber security posture can help to prevent whaling attacks,” says Anthony. “Increase your email security by installing two-factor authentication and DMARC (an email spoofing protocol that stops the unauthorised use of an email domain). Many businesses also use a vulnerability management service to ensure any breach is identified as soon as it occurs. We also offer businesses an insight into the vulnerability of their domain with our free CyberRisk tool.”

“If a whaling email does get through your security measures, employees are the first line of defence. Ensure that staff are trained on how to deal with a whaling attack – the National Cyber Security Centre (NCSC) has a useful guide on how to deal with whaling. It is also a good idea to create a written company policy for how payments and sensitive data will be requested and sent, with a protocol for verbal confirmation – this makes it harder for an attacker to convince an employee that their request is legitimate.”

TAGGED:header
Share This Article
Facebook Copy Link

You Might Also Like ↷

Working Environment

February 10, 2022

5 Tips for Starting Your Own Catering Business

August 4, 2021

Bootstrapping

November 13, 2019

Sustainability

November 28, 2022
  • RSS
  • Terms And Conditions
  • Privacy Policy
  • Contact
  • Licensing
  • Contacts
  • Cookie Policy

Start Your Business Magazine: The Ultimate Business Start Up Guide provides information advice and guidance for entrepreneurs and new business start ups. Get the latest from us delivered directly to your inbox.

Start Your Business Magazine
  • Store
  • Features
  • Book
  • Trending
  • Topics
FacebookLike
XFollow
InstagramFollow
YoutubeSubscribe

Copyright 2026 Gambit Interactive Media Limited – All Rights Reserved.

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. Cookies are used for ads personalisation We do this to improve browsing experience as well as show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
Go to mobile version