What is the difference between phishing, spear phishing, and whaling?

Phishing is a broad attack sending fraudulent emails to many recipients impersonating legitimate organizations to steal credentials or deliver malware. Spear phishing targets specific individuals or groups using personalized information gathered from social media or prior reconnaissance to increase credibility. Whaling targets senior executives, board members, or other high-value individuals with highly customized attacks often referencing real business matters.