CompTIA Security+ (Plus): What Is the Attack Called When High-Level Executives Are Targeted with Fake IT Emails?

What is a whaling attack in cybersecurity, and how does it target high-level executives with convincing fake emails? Learn how whaling differs from phishing and spear phishing, and why it’s a critical threat for organizations—essential for CompTIA Security+ (Plus) SY0-701 exam success.

Question

A high-level executive receives an email that appears to be from the company’s IT department, requesting login credentials to “resolve an urgent security issue.” What type of attack is this?

A. Spear phishing
B. Vishing
C. Smishing
D. Whaling
E. Spoofing

Answer

D. Whaling

Explanation

Whaling is a targeted phishing attack aimed at executives or high-profile individuals.

When a high-level executive receives an email that appears to be from the company’s IT department requesting login credentials to “resolve an urgent security issue,” this is a whaling attack.

Whaling is a specialized form of phishing attack that specifically targets high-ranking executives and decision-makers, such as CEOs, CFOs, or board members. The emails are highly personalized, often referencing the executive’s name, title, or other relevant details to appear credible and urgent.

The attacker’s goal is to trick the executive into disclosing sensitive information, such as login credentials or financial data, or into authorizing wire transfers, by impersonating trusted internal departments like IT or finance.

Whaling differs from standard phishing (which targets a broad audience) and spear phishing (which targets specific individuals at any level) by focusing exclusively on high-profile individuals whose access and authority can yield significant gains for attackers.

These attacks often use social engineering, email spoofing, and urgent language to pressure the executive into acting quickly without verifying the request.

The consequences of a successful whaling attack can include severe financial loss, data breaches, reputational damage, and operational disruption.

Whaling is a targeted phishing attack aimed at high-level executives, using highly personalized and convincing emails to trick them into revealing sensitive information or credentials.
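
From the defender's side, the traits described in this explanation (an executive recipient, an impersonated internal department, urgent language, a request for credentials) can be checked mechanically on inbound mail. The following is an added example, not part of the original question or of any product; the domain, mailbox list, keyword lists, and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                           # assumption: the organisation's mail domain
EXECUTIVES = {"ceo@example.com", "cfo@example.com"}  # assumption: monitored VIP mailboxes
INTERNAL_NAMES = re.compile(r"\b(it|help\s?desk|finance|security)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|asap|within \d+ hours?)\b", re.I)
CRED_REQUEST = re.compile(r"\b(password|login credentials|verify your account)\b", re.I)
# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "IT Department" <support@it-helpdesk.test>\n'
    "Reply-To: collect@mailbox.test\n"
    "To: ceo@example.com\n"
    "Subject: Urgent security issue\n\n"
    "Send your login credentials immediately so we can resolve the issue.\n"
)
BENIGN = (
    'From: "IT Department" <helpdesk@example.com>\nTo: ceo@example.com\n'
    "Subject: Scheduled maintenance\n\n"
    "The VPN will be offline on Saturday for planned maintenance.\n"
)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def whaling_indicators(raw):
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = []
    if rcpt.lower() in EXECUTIVES:
        hits.append("executive_recipient")
    # Display name claims an internal team, but the address is outside the org.
    if INTERNAL_NAMES.search(name) and domain(sender) != ORG_DOMAIN:
        hits.append("internal_name_external_domain")
    if reply_to and domain(reply_to) != domain(sender):
        hits.append("reply_to_mismatch")
    if URGENCY.search(text):
        hits.append("urgent_language")
    if CRED_REQUEST.search(text):
        hits.append("credential_request")
    return hits

def should_quarantine(raw):
    hits = whaling_indicators(raw)
    return "executive_recipient" in hits and len(hits) >= 3
```

Keyword matching alone produces false positives, so a check like this is best used to route mail for review alongside SPF, DKIM, and DMARC results rather than as a sole verdict.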
