
Exclusive London club targeted in whaling attack

In a recent disclosure, the Carlton Club - one of London’s most exclusive membership-only clubs - found itself the victim of a targeted phishing/whaling campaign in which an email purported to be a genuine message sent by the club’s fundraising political committee.

Contained within the email was a file called “donations funding”, a lure that is relevant and interesting to its targets. Interacting with the attached file initiates a connection to a Russian command-and-control server.

The Carlton Club is historically known for providing the setting of a Conservative-led coup in the 1920s. The high-profile nature of the members gives credence to the theory that this is a targeted campaign towards those involved in the recent election process.

The attack has all the hallmarks of a ‘whaling’ attack. A whaling attack is a type of spear-phishing attack directed at high-level executives where attackers masquerade as legitimate, known and trusted entities and encourage a victim to share highly sensitive information or to send a wire transfer to a fraudulent account.

In a whaling attack, attackers send an email that appears to be a legitimate message from a trusted source, often a contact within the company or with a partner, vendor, or customer account.

A whaling email will contain enough personal details or references gleaned from internet research to convince the recipient that it is legitimate. Whaling attacks may also ask a user to click on a link that leads to a spoofed website that looks identical to a legitimate site, where information can be collected, or malware can be downloaded.

In a whaling attack, victims may be encouraged to share sensitive data like payroll information, tax returns or bank account numbers, or they may be asked to authorise a wire transfer to a bank account that turns out to be fraudulent.

For attackers, the goal of a whaling attack is usually to steal money or data, or to get access to networks that can yield much larger ill-gotten gains.

MPs have recently been targeted in a number of varied attacks, including honeytrap and phishing campaigns, and so targeting a club which is frequented by Conservative party members is not surprising.

A former senior military intelligence officer adds that “this is a concerning development and yet another indication that we are effectively at cyber-war with Russia”.

Across the pond in the US, China are being held responsible for interfering with the Presidential elections via influence operations and misinformation campaigns. Whilst China has repeatedly denied any interference in elections, they have been accused of such behaviour previously in other countries, such as Canada back in 2019 and 2021.

In these instances, China leveraged Canadian officials to help favoured candidates win in the elections.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
