Whaling is a type of phishing attack that targets high-profile employees, such as CEOs or CFOs, in order to steal sensitive information from a company. The term "whaling" comes from the size of the attacks, and the targets are picked based on their authority within the company. Whaling attacks are highly targeted and often more difficult to detect and prevent than standard phishing attacks. The attackers may send the victim an email that appears to be from a trusted source, and the goal is to trick the victim into disclosing personal or corporate information through social engineering, email spoofing, and content spoofing efforts. The desired outcomes may include coercing the recipient to take an unwanted action, such as triggering a wire transfer, or to click on a link or open an attachment that installs malware or sends the target to a malicious website impersonating one thats legitimate. Defending against whaling attacks starts with educating key individuals within an organization to ensure they are routinely on guard about the threat. A multi-faceted phishing awareness program can teach key principles to prevent whaling attacks and allow employees to put those principles into practice.