UPDATE 1 MAR 2016: Our partners at Mimecast announced today at the RSA Conference that they are launching the first-ever threat protection against whaling. Learn more here.


Whaling Attack? No, it’s not the latest survivalist reality television show. It’s a potential hacking threat posing a real problem for today’s technologically driven law firms and companies. [Update 29 FEB 2016: Here are a few good, if sad, examples of whaling.]

As in reality, whales are bigger than phish. Phishing is usually conducted using shotgun-style emails sent to the masses looking for people to divulge sensitive information, like Social Security Numbers or other personally identifiable information (PII). A whaling attack, however, targets the C-suite, partners, upper management, celebrities and other individuals of high worth or influence.
A whaling attack targets the C-suite, partners, upper management, celebrities and other individuals of high worth or influence.The “whale” moniker might sound familiar to those who frequent Las Vegas. A “whale” is a high roller with lots of free resources to spend. The casinos target whales with direct marketing to get them to visit their properties. However, in the context of this discussion, the targets of these attacks are employees with access to resources.


These attacks are often several orders of magnitude more involved than the aforementioned phishing attempts to breach your defenses. Harkening back to the pool sharks of yore, elaborate webpages with the mark’s name, title and other PII can entice the potential victim into thinking that they are dealing with a legitimate entity. These can also be disguised as a client complaint or even a legal subpoena. 

As you can surmise, these types of much more highly targeted attacks start at the top and can create a plethora of issues (financial or other) for your law firm or business. You can help protect your organization through education in processes and procedures on identifying and responding to these inquiries and, more important, putting tools and people in place to help prevent these items from even hitting your network.

We urge law firms to consider cybersecurity solutions offered by our partners SentinelOne, Acronis, Mimecast, Fortinet and other partners. Contact us for help hardening your network against threats today.