I'm studying for my Sec+ exam and I noticed something in the Types of Attacks Part 1 lesson that seems incorrect to me.
https://app.itpro.tv/course-library/security-updated-2017/typesattacks/
In this lesson and in the show notes, Wes describes Whaling as "Attacker(s) assume the identity of a C'level employee such as CEO or CFO, company attorney using insider threat actors".
In my external reading and understanding, this is not correct. Whaling does not attack employees impersonating C-level employees, but rather, C-level employees are the targets of the attack. I have heard it described as "Spear Fishing at the C-Level". As with all Phishing, the goal is to obtain confidential information. But the info obtainable from a C-Level is more valuable than others.
Am I misunderstanding the lesson content or does the lesson incorrectly describe Whaling?