The 2022 Global Fraud & Payments Report has revealed that 35 percent of merchants across the world are impacted by pharming, phishing, and whaling.
Take a look at this graph1 of the top threats, and you’ll see they’re just the tip of the iceberg.

Pharming, phishing, and whaling: the language of fraud, translated
You’d be forgiven for thinking that the terms pharming, phishing, and whaling have more in common with ocean life than they do with fraudsters. But in reality they can be a bit more sinister. So what do you need to know about these threats? Let’s break them down...
Pharming
Luring users into identity theft traps
Pharming happens when a network infrastructure is attacked—redirecting or pharming the user to an illegitimate, fake website without their knowledge or consent.
The main aim of these spoof sites is to capture a user’s personally identifiable information (PII) such as passwords, social security numbers, and account numbers. They can also attempt to install pharming malware on their computer.
Pharmers often target websites such as online payment platforms and eCommerce sites, with identity theft leading to profit as their primary objective.
Phishing
Casting the scamming net wide
The term phishing is when fraudsters use scam emails, text messages, or phone calls to trick their victims.
The aim is often to make a user visit a website, which will either download a virus onto their computer or steal bank details and other personal information.
Usually untargeted, they cast the net wide by sending mass emails that ask users for sensitive information such as bank details or they’ll encourage them to visit a fake website.

In 2021 retail and wholesale were there most targeted industries, experiencing the highest increase in phishing attacks at +436 percent2
Whaling
Phishing for big fish
Aimed at senior executives at C-level, whaling is a highly targeted phishing attack disguised as a legitimate email. These urgently-styled emails are sophisticatedly crafted using an understanding of business language, as well as containing socially gathered personal information about the targeted organization or individual. They are designed to encourage the user to perform a secondary action, such as initiating a wire transfer of funds.
As whaling doesn’t require extensive technical knowledge yet can deliver huge returns, it poses one of the biggest threats to businesses today, such as financial institutions, payment services, and eCommerce sites.

In 2021, the FBI reported $2.4 billion lost to whaling in the U.S. alone3
We hope you now feel better equipped to stay alert to these three common threats.
Because fraud is complex and far reaching, it pays to get an even deeper understanding of everything else that's out there. To learn about all the other types of fraud, read the 2022 Global Fraud & Payments Report here.
1 All data comes from the 2022 Global Fraud and Payments Report.
2 zscaler 2022 Threatlabz Phishing Report, page 4.
3 Federal Bureau of Investigation Internet Crime Report 2021, page 9.