Whaling phishermen have also forged official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install special software to view the subpoena.
it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e.
Another common trick is to make the displayed text for a link (the text between the <a> tags) suggest a reliable destination, when the link actually goes to the phishers' site.
Many email clients or web browsers will show previews of where a link will take the user in the bottom left of the screen, while hovering the mouse cursor over a link.
An example of a phishing email, disguised as an official email from a (fictional) bank.
Whaling scam emails are designed to masquerade as a critical business email, sent from a legitimate business authority.
The content is meant to be tailored for upper management, and usually involves some kind of falsified company-wide concern.
Several phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks.
In the case of whaling, the masquerading web page/email will take a more serious executive-level form.
These filters use OCR (optical character recognition) to optically scan the image and filter it.
Some anti-phishing filters have even used IWR (intelligent word recognition), which is not meant to completely replace OCR, but which can detect cursive, hand-written, rotated (including upside-down), or distorted (such as wavy, stretched vertically or laterally, or stretched in different directions) text, as well as text on colored backgrounds.
It may claim to be a resend of the original or an updated version of the original.
This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
The word is a neologism created as a homophone of fishing, due to the similarity of using bait in an attempt to catch a victim.
Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.