Which of the following is characterized by an attacker attempting to map out an organization’s staff hierarchy in
order to send targeted emails?
A whaling attack is targeted at company executives. Mapping out an organization’s staff hierarchy to determine
who the people at the top are is also part of a whaling attack.
Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves
hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal
data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or
Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a familiar
metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are
engaged in whaling may, for example, hack into specific networks where these powerful individuals work or
store sensitive data. They may also set up keylogging or other malware on a work station associated with one
of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level
executives in business and government to stay vigilant about the possibility of cyber threats.