Phishing that targets a high-profile employee to obtain information is known as what?

Boost your cybersecurity skills with our NOCTI Cybersecurity Standard Certification Quiz. Explore detailed questions and explanations to enhance your preparation and succeed on your certification exam!

Multiple Choice

Phishing that targets a high-profile employee to obtain information is known as what?

Explanation:
Whaling is targeted phishing aimed at high-profile individuals to obtain sensitive information. This approach tailors messages to look like legitimate requests from a CEO or other top executive, leveraging the recipient’s trust and authority within the organization. By researching the target’s role, recent events, and internal processes, the attacker crafts a convincing email or message that urges actions such as approving a wire transfer, sharing credentials, or exposing confidential data.

Because executives handle the most valuable information and resources, this kind of attack yields the highest potential payoff, which is why it’s called whaling: the idea of catching the “big fish.” It’s a specialized form of social engineering within phishing, focused on the top tier of targets rather than a broad or generic phishing attempt. The other tactics involve physical access or another type of deception that doesn’t rely on impersonating a high-level executive through email.

To defend, organizations should emphasize ongoing awareness training, verification through independent channels for financial or data-change requests, and strong email authentication and monitoring.

