Security Blue Team Level 1 Practice Test

Whaling is a targeted phishing attack aimed at high-level individuals like executives or managers to trick them into revealing credentials or authorizing fraudulent transfers. Attackers do background work to learn about the target and craft messages that look legitimate, often impersonating a trusted figure such as the CEO or CFO. The goal is to exploit authority and urgency to bypass normal scrutiny, steering the victim toward revealing sensitive information or approving a money transfer.

This is different from general phishing, which casts a wide net with generic messages to many people. It’s not simply about a spam email or about sending malware-infected attachments; whaling centers on highly personalized social engineering directed at leadership to achieve significant financial or access goals.