Which of the following is characterized by an attacker attempting to map out an organization’s staff
hierarchy in order to send targeted emails?

A.
Whaling

B.
Impersonation

C.
Privilege escalation

D.
Spear phishing

Explanation:

A whaling attack is targeted at company executives. Mapping out an organization’s staff hierarchy
to determine who the people at the top are is also part of a whaling attack.
Whaling is a specific kind of malicious hacking within the more general category of phishing, which
involves hunting for data that can be used by the hacker. In general, phishing efforts are focused
on collecting personal data about users. In whaling, the targets are high-ranking bankers,
executives or others in powerful positions or job titles.
Hackers who engage in whaling often describe these efforts as “reeling in a big fish,” applying a
familiar metaphor to the process of scouring technologies for loopholes and opportunities for data
theft. Those who are engaged in whaling may, for example, hack into specific networks where
these powerful individuals work or store sensitive data. They may also set up keylogging or other
malware on a work station associated with one of these executives. There are many ways that
hackers can pursue whaling, leading C-level or top-level executives in business and government
to stay vigilant about the possibility of cyber threats.