10 whaling emails that could get by an unsuspecting CEO
Real-life whaling attempts show the intricate changes perpetrators try to make to trick a CEO.

Whaling
Whaling, or CEO fraud, continues to grow, with 67 percent of firms seeing an increase in these email-based attacks designed to extort money. There has been an uptick of activity lately as fraudsters spend the first few months of the year taking advantage of tax season, targeting finance departments with emails that look like they are coming from a company’s senior executive. Cases in point are Snapchat and Seagate, companies that inadvertently gave up employees’ personal information.
Email security company Mimecast has shared a handful of real-life examples of fraud attempts targeted at the person in the corner office.
Note: Names and domains have been modified to preserve recipient privacy. Source domain styles and homograph attack techniques have been maintained.
Too busy to talk
This attempted attack originated from New York, where the attacker has registered a similar domain name, replacing the “o’s” with similar and easily overlooked zeros. Additional social engineering tries to keep the conversation to email to avoid detection.
Need the money fast
The server was tracked down to Toronto, where the attacker has registered a similar domain name in which the “m” is replaced with an “rn”.
A little too quick with this attempt
This one seems a little amateurish, as the number 1 really sticks out in the email address. But a busy CEO might not look closely enough when dealing with 10 million other things. This message was tracked down to a server in New York.
Sneaky suspectsssss
The attacker has registered a similar domain name, using a double “s” which is easily overlooked.
King of whaling
Perhaps this is the same person as in the last slide, dropping in an extra “s” at the end of the email address to dupe the CEO. And who uses the word “soonest”?
I said immediately
The attacker, who was tracked back to Johannesburg (or at least that is where the server was located), has registered a similar domain name, using a double “c” which is easily overlooked.
I would gladly pay you Tuesday for a hamburger today
Kind of has that Popeye character “Wimpy” ring to it, no? The attacker has created a Hotmail account that could appear to be a CEO webmail service. Red flags should appear when you see an email address like that.
Breaking bad
Hopefully the CEO broke away from this email immediately when he noticed it was Walter White (maybe not the one from Breaking Bad). The attacker has registered a similar-looking domain name to the actual White Chemicals.
Gmail?
It just seems like this attacker is lazy in using a Gmail account to try and fool the CEO.
Too busy
The attacker has created a Gmail account that could appear to be a CEO webmail service. Additional social engineering tries to keep the conversation to email to avoid detection.
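
The lookalike tricks in the slides above (zeros for “o”, “rn” for “m”, a stray 1, doubled letters, and webmail accounts carrying an executive's name) can be checked mechanically on inbound mail. The following is an added example, not code from Mimecast or the original article; the domain globalmetrics.example, the executive name, the verdict labels and the reading of 1 as a stand-in for “l” are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed values for illustration; substitute your own organisation's data.
LEGIT_DOMAINS = {"globalmetrics.example"}
EXECUTIVES = {"jane doe"}                 # display names worth protecting
FREEMAIL = {"gmail.com", "hotmail.com"}   # webmail providers named in the slides

# Substitutions from the slides: zero for "o", "rn" for "m".
# Treating 1 as a stand-in for "l" is an assumption of this example.
CONFUSABLES = (("rn", "m"), ("0", "o"), ("1", "l"))

def skeleton(domain: str) -> str:
    """Reduce a domain to a form in which the lookalike tricks disappear."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    # Collapse doubled characters ("ss", "cc") so an extra letter is ignored.
    return re.sub(r"(.)\1+", r"\1", s)

LEGIT_SKELETONS = {skeleton(d) for d in LEGIT_DOMAINS}

def classify(from_header: str) -> str:
    """Return a verdict for the From header of an inbound message."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in LEGIT_DOMAINS:
        # Domain string matches; SPF/DKIM/DMARC checks are a separate step.
        return "legitimate"
    if skeleton(domain) in LEGIT_SKELETONS:
        return "lookalike-domain"
    if domain in FREEMAIL and display.strip().lower() in EXECUTIVES:
        return "freemail-impersonation"
    return "external"

if __name__ == "__main__":
    # Constructed sample headers, one per trick described in the slides.
    samples = [
        "Jane Doe <jane.doe@globalmetrics.example>",
        "Jane Doe <jane.doe@gl0balmetrics.example>",
        "Jane Doe <jane.doe@globalrnetrics.example>",
        "Jane Doe <jane.doe@globalmetricss.example>",
        "Jane Doe <jane.doe.ceo@gmail.com>",
    ]
    for header in samples:
        print(f"{classify(header):24} {header}")
```
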