Whaling is spear phishing targeting senior executives — leveraging their authority to request wire transfers, W2 data, or system access. High-value targets with high-value outcomes.
Whaling emails often appear to be from boards, law firms, or regulators. Defense: executive security awareness training, out-of-band verification of financial requests, anti-spoofing controls (DMARC), DKIM.