Cybersecurity Awareness Month: Whaling


October is Cybersecurity Awareness Month, and the Express Blog has tips for leaders and employees to stay cyber safe this month and beyond.

Whaling is a type of scam aimed at getting an employee to transfer money or send sensitive information to a hacker acting as a trusted source via email. Whaling is extremely easy to fall for and can result in significant financial losses.

These emails can be difficult to catch because they appear harmless, have a normal, friendly tone, and contain no links or attachments. They will appear to come from a high-level official at the company, typically the CEO or CFO, and often ask you to disclose sensitive information or initiate a wire transfer.

A few things to watch out for in a typical whaling attempt:

  • Doppelganger: Whalers may utilize fake email domains that look similar to our domain. Watch out for things like: [EMAIL]@[VARIATION ON COMPANY DOMAIN].
  • A Hurried Tone: Whalers will often ask you to send money immediately, stating that they’re busy or in a meeting and can’t do it themselves.
  • Email Only: Since whaling relies on impersonating an employee via a fake yet similar email address, whalers will ask you not to call with questions and to reply only through email.
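
For teams that triage reported messages, the three indicators above can be checked mechanically. The sketch below is an added example, not part of the original post: the trusted domain `example.com`, the phrase lists, the 0.85 similarity threshold, and all function names are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

TRUSTED_DOMAIN = "example.com"  # assumption: placeholder for the company domain

# Assumed phrase lists for two of the indicators; tune them to your own mail.
URGENCY = re.compile(r"\b(immediately|right away|urgent|asap|in a meeting)\b", re.I)
EMAIL_ONLY = re.compile(
    r"\b(do not call|don't call|reply (only )?(by|through|via) email|email only)\b", re.I)
# Digit-for-letter swaps often used to imitate a domain.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(domain):
    """Normalise look-alike characters so imitations collapse onto the original."""
    return domain.lower().translate(SWAPS).replace("rn", "m").replace("vv", "w")


def sender_domain(from_header):
    """Extract the domain from a From header such as 'Name <user@domain>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().rstrip(".") if m else ""


def is_lookalike(domain, trusted=TRUSTED_DOMAIN):
    """True when the domain is not ours but resembles it."""
    if not domain or domain == trusted or domain.endswith("." + trusted):
        return False  # our own domain or one of its subdomains
    folded, target = fold(domain), fold(trusted)
    if folded == target:
        return True  # character swap, e.g. 1 for l
    if target.split(".")[0] in folded.replace("-", ""):
        return True  # our name embedded in another domain
    return SequenceMatcher(None, folded, target).ratio() >= 0.85  # near-typo


def whaling_indicators(from_header, body):
    """Return which of the three indicators a message shows."""
    hits = []
    if is_lookalike(sender_domain(from_header)):
        hits.append("doppelganger")
    if URGENCY.search(body):
        hits.append("hurried_tone")
    if EMAIL_ONLY.search(body):
        hits.append("email_only")
    return hits


# Constructed sample message, not a real email.
SAMPLE_FROM = "Pat Lee <pat.lee@examp1e.com>"
SAMPLE_BODY = "I'm in a meeting and need a wire sent immediately. Don't call, reply by email."
```

A hit is a reason to verify the request through a known phone number, not a verdict. The domain check also says nothing about a message sent from a compromised account on the genuine domain.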

Check out previous posts from the Express Blog about Cybersecurity Month: 

Recognizing and Reporting Phishing

Using Strong Passwords

Turn on Multi-Factor Authentication

Last Updated on September 3, 2025