Protecting a whale in a sea of phish (Journal Article)

Overview

abstract

  • Whaling is one of the most financially damaging, well-known, and effective cyberattacks employed by sophisticated cybercriminals. Although whaling largely consists of sending a simplistic email message to a whale (i.e. a high-value target in an organization), it can result in large payoffs for cybercriminals, in terms of money or data stolen from organizations. While a legitimate cybersecurity threat, little information security research has directed attention toward whaling. In this study, we begin to provide an initial understanding of what makes whaling such a pernicious problem for organizations, executives, or celebrities (i.e. whales), and those charged with protecting them. We do this by defining whaling, delineating it from general phishing and spear phishing, presenting real-world cases of whaling, and providing guidance on future information security research on whaling. We find that whaling is far more complex than general phishing and spear phishing, spans multiple domains (e.g. work and personal), and potentially results in spillover effects that ripple across the organization. We conclude with a discussion of promising future directions for whaling and information security research.

publication date

  • September 1, 2020

has restriction

  • closed

Date in CU Experts

  • December 4, 2024 3:52 AM

Full Author List

  • Pienta D; Thatcher JB; Johnston A

author count

  • 3

International Standard Serial Number (ISSN)

  • 0268-3962

Electronic International Standard Serial Number (EISSN)

  • 1466-4437

Additional Document Info

start page

  • 214

end page

  • 231

volume

  • 35

issue

  • 3