The big catch: How whaling attacks target top executives

When a hedge fund manager opened up an innocuous Zoom meeting invite, he had little idea of the corporate carnage that was to follow. That invite was booby-trapped with malware, enabling threat actors to hijack his email account. From there they moved swiftly, authorizing money transfers on Fagan’s behalf for fake invoices they sent to the hedge fund.

In total, they approved $8.7 million worth of invoices in this way. The incident was ultimately the undoing of Levitas Capital, after it forced the exit of one of the firm’s biggest clients.

Unfortunately, targeting of senior execs like this is not uncommon. Why bother with the little fish when whales can elicit such riches?

What is whaling?

Put simply, a whaling cyberattack is one targeted at a high-profile, senior member of the corporate leadership team. It could come in the form of a phishing/smishing/vishing effort, or ...