Mrs Phillips was a victim of whaling: a type of phishing scam that targets senior staff and bosses, executives and others in similar management roles, to obtain sensitive data and/or money by deception. Just like in this example, there is usually more than one victim. Whaling attacks will often impact a whole company (in this case a school), or several companies, because of the sensitive data breached.
For the purposes of this example, our character Mrs Phillips was defrauded in an email scam. The scammer posing as Mr Smith had carried out research and found out the name of the school bursar, someone Mrs Phillips could trust. Whaling attacks can work because the criminals have done their research well and know who they should impersonate. Whaling also often involves using incredibly similar company websites and email addresses to fool victims – such as ‘Mr Smith’s’.
Mrs Phillips had worked with Mr Smith for years and there was a huge amount of trust between the two. That’s what whaling relies on: you’ll spot an email pop up from ‘Mr Smith, who you’ve worked with for 25 years’, or ‘Patricia, your best work friend’, or ‘Jonathan, the new COO who just started but seems lovely’, asking for some details or an urgent bank payment, and before you know it, you’ve been caught in a net.