Spear-Phishing is a form of phishing attack that targets a specific person or organization, seeking access to sensitive information. Similar to phishing, this is done through spoofing emails that appear to be legitimate, but not to a bulk list of random email addresses. Whaling is similar as well, but is done by targeting high-ranking executives and attempting to gain access to their information or data.
Education is the key to providing solid protection for your company against spear-phishing, whaling, and phishing attacks alike. Testing your employees with Phish-testing is also an excellent way to hold people accountable. You should aim to reduce your “Click-Rates” down to less than 5% after completing 6 months to 1 year of staff training.