How does a whaling attack take place?
- A click that leads to a malicious website: A whaling attempt may look like a link to a regular, familiar website. When users click on a malicious link it directs to a fraudulent website, that prompts them to enter information into the login fields, users are most likely told that the information entered was incorrect and that should try again. This is the scam!
- Information that went out of our hands:The information that is entered into the fake site is sent to the attacker and then users are redirected to the legitimate website. This time, username and password (which were correct in the first place) work just fine. However, the attacker now has user username and password to this website and have no idea that this information has been compromised.
- Downloaded the wrong program:Other whaling attempts may trick users into downloading a malicious program in order to view a document or image. The program is then used by the attacker to track everything the user types or to delete things from computer.