Mitigate the Risk of Whaling

What is it and how can it be prevented?

Whaling attacks are a highly targeted form of phishing aimed at executives or other individuals with access to crucial company data, in contrast to general phishing scams, which are not targeted. Cyber criminals employ sophisticated tactics to deceive and exploit their targets, so constant vigilance is needed when faced with unexpected phone calls or emails.

To mitigate such risks, organisations can take the following steps:

  • Regularly conduct comprehensive training sessions using platforms like KnowBe4 and stay updated with the latest scam alerts through newsletters from CSCM, ensuring employees are equipped to recognise and respond effectively to phishing attempts.
  • Implement stringent access controls for confidential data, limiting access to the individuals who need it, thus reducing the potential for compromise.
  • Utilise Multi-Factor Authentication (MFA) across all systems and accounts, adding a layer of security by requiring verification beyond passwords and so strengthening resilience against unauthorised access attempts.