Whaling
Spear phishing that specifically targets senior executives — CEOs, CFOs, or board members — to authorise large fraudulent payments or expose company secrets.
Also known as: CEO fraud, executive phishing
Last reviewed: 1 June 2026
Whaling is a high-value variant of spear phishing in which fraudsters impersonate or target C-suite executives. The 'whale' metaphor reflects the size of the prize: executives have authority to approve large wire transfers, access sensitive financial systems, and override normal verification procedures.
A whaling attack might involve an email that appears to come from the CEO instructing the CFO to urgently transfer funds to a new supplier, or a fake legal notice claiming the company is being sued and requiring immediate confidential action. Attackers invest significant time researching the target's communication style, ongoing projects, and reporting relationships.
Whaling overlaps heavily with CEO fraud and business email compromise (BEC). The emotional levers used are urgency, secrecy ('don't discuss this with colleagues'), and authority.
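The traits described above (an executive's name on the message, plus urgency, secrecy and a payment request) can be checked at mail triage. The following Python is an added example, not part of the original entry; the organisation domain, executive directory, phrase lists, verdict labels and sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed for this example): the organisation's domain,
# its executive directory, and the phrase list for each emotional lever.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
LEVERS = {
    "urgency": re.compile(r"\b(urgent(ly)?|immediately|today|right away)\b", re.I),
    "secrecy": re.compile(r"\b(confidential|don'?t discuss|keep this between us)\b", re.I),
    "payment": re.compile(r"\b(wire|transfer|payment|bank details|new supplier)\b", re.I),
}

# Constructed sample: CEO display name, look-alike sender, diverted replies.
SAMPLE_WHALE = (
    "From: Jane Doe <jane.doe@examp1e-corp.test>\n"
    "Reply-To: jd@mail.test\n"
    "To: cfo@example.com\n"
    "Subject: Supplier payment\n\n"
    "I need you to urgently transfer funds to a new supplier today.\n"
    "This is confidential, don't discuss this with colleagues.\n"
)

def assess(raw):
    """Return (verdict, reasons) for one single-part RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload()
    spoof = []
    known = EXECUTIVES.get(name.strip().lower())
    # Authority: an executive's display name on an address that is not theirs.
    if known and addr.lower() != known:
        spoof.append("executive display name on unknown address")
    # Replies diverted outside the organisation.
    if reply_to and not reply_to.lower().endswith("@" + ORG_DOMAIN):
        spoof.append("external Reply-To")
    levers = [k for k, rx in LEVERS.items() if rx.search(body)]
    reasons = spoof + ["lever: " + k for k in levers]
    if spoof and "payment" in levers:
        return "hold for out-of-band verification", reasons
    if spoof or len(levers) == 3:
        return "review", reasons
    return "pass", reasons

if __name__ == "__main__":
    print(assess(SAMPLE_WHALE))
```

A message that forges the executive's exact address passes the display-name check here; that case is left to sender authentication (SPF, DKIM, DMARC) and to the out-of-band verification step.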