    Chris Ferguson

    I'm studying for my Sec+ exam and I noticed something in the Types of Attacks Part 1 lesson that seems incorrect to me.

    In this lesson and in the show notes, Wes describes Whaling as "Attacker(s) assume the identity of a C-level employee such as CEO or CFO, company attorney using insider threat actors".

    In my external reading and understanding, this is not correct. Whaling does not attack employees impersonating C-level employees, but rather, C-level employees are the targets of the attack. I have heard it described as "Spear Phishing at the C-Level". As with all Phishing, the goal is to obtain confidential information. But the info obtainable from a C-Level is more valuable than others.

    Am I misunderstanding the lesson content or does the lesson incorrectly describe Whaling?

