1300 133 966

Emerging IT Insights

Whaling and Spear Phishing Explained


Chris Ball

Tech writer, Emerging IT


Whaling or spear phishing attacks refer to scams targeting employees within a business to get confidential information for fraudulent purposes.

The goal is normally to direct you to make payments to a fake website or to download an attachment with malware to record key strokes and passwords. 

Carefully crafted by scammers, these types of attacks are particularly effective. They often mimic communications sent by someone you trust in your business. It could be your boss, supplier or co-worker. Moreover, they are often personalised using a format of email address you’re familiar with. This makes them particularly hard to spot quickly.

If you receive email from a sender you don’t know, never click on the links or open any attachments. Instead, verify the identity of the sender by calling the organisation directly.

To protect yourself watch out for:

  • urgent emails out of the blue – perhaps a customer complaint or legal subpoena;
  • sender address that is similar but not identical to an address you’re familiar with;
  • being asked to enter confidential work-related or personal details into a website;
  • look for the secure symbol (https:);
  • update security software, change passwords and back up content regularly;
  • shred all business documents before you dispose of them;
  • be mindful of what information is posted on social media websites (develop an internal policy).

What do you do in the event of a Data Breach?

Meeting the Challenges of Hybrid IT

Case Study: Mergers & Acquisitions

Contact Emerging IT

Need a quote or consultation? Guaranteed response within 2 hours.

Get in touch today

Melbourne Office
2/3-5 Gilda Court
Mulgrave, VIC 3170
Sydney Office
Level 8, 50 Berry St
North Sydney, NSW 2060