Security+ - Types of Attacks - Whaling Question

---

I'm studying for my Sec+ exam and I noticed something in the Types of Attacks Part 1 lesson that seems incorrect to me.
https://app.itpro.tv/course-library/security-updated-2017/typesattacks/

In this lesson and in the show notes, Wes describes Whaling as "Attacker(s) assume the identity of a C'level employee such as CEO or CFO, company attorney using insider threat actors".

In my external reading and understanding, this is not correct. Whaling does not attack employees impersonating C-level employees, but rather, C-level employees are the targets of the attack. I have heard it described as "Spear Fishing at the C-Level". As with all Phishing, the goal is to obtain confidential information. But the info obtainable from a C-Level is more valuable than others.

Am I misunderstanding the lesson content or does the lesson incorrectly describe Whaling?

Hey Chris,

Thank you for pointing that out, the whaling attack should be a phishing scam that targets C-level employees. In phishing attacks a lot of times they are random attacks, with spear phishing attacks this is a targeted attack where the bad actor has information about the organization and directs the attack towards a specific group (not random). Thank you for bringing this to my attention and I hope this helps. I will need to fix the error(post errata) thank you very much.

Hey Chris,

Thank you for pointing that out, the whaling attack should be a phishing scam that targets C-level employees. In phishing attacks a lot of times they are random attacks, with spear phishing attacks this is a targeted attack where the bad actor has information about the organization and directs the attack towards a specific group (not random). Thank you for bringing this to my attention and I hope this helps. I will need to fix the error(post errata) thank you very much.

@wes-bryan Thank you!