Why do whaling Attacks Work?
Whaling attempt against a high-profile target still relies on compelling the target, usually under the guise of some urgency.
Whaling attacks are often successful because attackers are willing to devote extensive time and effort to constructing these campaigns due to their potentially high returns. Attackers gather information including birthdays, pictures, hobbies, promotion announcements and relationships via social media, internet or compromised email accounts and use this information to craft incredibly convincing campaigns.
The goal is to capture sensitive information, like credentials, that give the attacker a master key to a company's intellectual property, customer data, or other information that could be lucrative if sold in black markets.