Whaling?

Whaling: you probably know the phenomenon better than the word itself. Whaling is another form of phishing, one that aims not to retrieve data but to get you to carry out an action, such as activating a payment.

The procedure is as follows:

Someone posing as an acquaintance or an executive from management contacts you because he or she supposedly has to arrange something quickly for an order or a customer, and asks whether you could release or activate a payment. The bill appears to be one of the larger ones for one of your known customers. In reality, the scammer wants to collect a large haul. What you may not know is that such a request from these fraudsters can reach you not only by email but also via social media such as Facebook and WhatsApp.

How is this possible? 
How can you receive such messages from scammers? The email or Facebook account may have been made to look like a sender you know, or the real account may have been taken over by hackers.

In the latter case, the message really is sent to you from his or her account. In the case of WhatsApp, the fraudsters hold your phone number or a list of contacts, and you will be approached from an unknown phone number.

How do you recognize it?

Your gut feeling probably says it all. Are you really the first person the executive would consult? And wouldn’t he or she do this through other means? Do you recognize the language used?

What should you do?

Of course, you should not blindly accept such requests. If you doubt the authenticity of a message, check it thoroughly, for example by calling the number in question in the case of a WhatsApp message. You will notice soon enough whether or not you have a familiar colleague on the phone. You can also contact the people you know directly. Do so in person, for example through the department, the secretariat, or the phone number you already have for them.

For questions on whaling, see the Security Awareness App.