Glossary / Fraud & scams
Whaling
Whaling is a form of spear phishing that targets senior executives, using highly tailored messages to trick them into authorising large payments or disclosing sensitive information.
What it means
Whaling is spear phishing aimed at the “big fish”, the senior executives who can authorise large payments or access sensitive information. Instead of a generic scam email, the attacker researches the target and crafts a highly tailored message that fits their role, relationships, and current business, such as a live acquisition, a board matter, or a major supplier. The goal is to get the executive to act on the message directly, or to lend their authority to a request that pressures staff below them. A typical Australian example is a CFO receiving what appears to be a confidential note from the managing director about a pending deal, asking them to personally approve an urgent transfer outside the normal process.
Why it matters for Australian finance teams
Whaling is dangerous because senior approvals are trusted and rarely questioned, and because executives are busy and often reviewing messages on mobile devices where warning signs are easy to miss. Business email compromise and executive impersonation are among the highest-value scams reported to the ACCC and Scamwatch, with individual losses frequently in the hundreds of thousands of dollars. A single successful whaling email can convert executive authority straight into a fraudulent payment.
How ezyshield helps
ezyshield cannot stop a deceptive email from arriving, but it removes the payment that whaling is engineered to produce. Before money moves, ezyshield confirms the person, the business through ABN and ASIC records, and that the payee owns the nominated bank account, and re-verifies on any change, so even an executive-approved instruction cannot send funds to an unverified account. Every check is recorded in an append-only audit trail. See how it works and CEO fraud.
Also known as: whaling attack, executive phishing
Last updated: 7 July 2026
Related terms
- Spear Phishing Spear phishing is a targeted form of phishing that uses personalised details about a specific individual or organisation to make the fraudulent message more convincing.
- CEO Fraud CEO fraud is a scam where an attacker impersonates a senior executive, such as the CEO or CFO, to pressure staff into making an urgent payment or changing payment details.
- Business Email Compromise (BEC) Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
See also: CEO fraud , Business email compromise , Payment fraud prevention in Australia
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.