Whaling is the name of the dangerous variant of phishing which, always based on social engineering techniques, targets executives (CxO) and top management inducing them to carry out actions that are harmful to the company but profitable for the attacker.
The most classic example is that in which the victim receives an e-mail from their bank (which in reality is not) with the request to provide, for security reasons, a series of strictly confidential information such as access codes, credit card number, password or other.
To defend against this type of attack, you can take some actions:
- Implementing SPF hard fail : Hard Fail strengthens security regarding spoofing, i.e. the possibility that third parties can send emails from your domain.
- Implement secure connections : Verify that your mail clients are not exchanging "plaintext" passwords that could be sniffed and used to access your mailbox.
- Implement 2FA where possible : this makes it more difficult for someone to have access to their mailbox.
- Implement a mail access control system : a mail control system allows you to identify fraudulent accesses to your mailbox, perhaps from IPs from other foreign countries.
- Use specific protection tools : there are email protection products on the market that allow you to identify anomalous situations.
