What is Phishing?
Phishing is the act of fraudulently contacting multiple individuals or companies in an attempt to obtain unauthorized access to sensitive or personal information. Phishing is a broad attack: it uses general information to elicit a response, not specifically targeting any one individual but relying on generalizations in an attempt to lend validity to a request for information. The request can seem trivial at the time, but any information obtained could be used in the theft of a victim's important information.
Spear Phishing is the targeting of a specific individual in the hope of obtaining personal or restricted information. It is similar to Phishing, but this time the attacker is more aware of the target, usually already knowing the name, address, email and phone number of the victim prior to the initial contact. A Spear Phishing target can be provided seemingly private information from a trustworthy source before information is requested, eventually leading to data theft.
Whaling is a term used for corporate-level Phishing attempts. Whaling takes the Spear Phishing approach to a higher level: its targets are usually in upper-level management or hold access to valuable restricted information. Whaling attempts use much the same means as Spear Phishing, but the attacker will be very familiar with the target prior to making contact and communications will appear highly professional.
How to protect yourself
NOTE: Suggestions for avoiding Phishing exploits are provided in an attempt to help ensure sensitive data isn't put at risk unnecessarily. They are not intended to be a comprehensive guide or to address all possible exploit variations (i.e., some social engineering exploits are performed by SMS text or in person rather than by email). Vigilance in safeguarding your sensitive data applies to all avenues of contact.