Phishing is when a hacker sends an email that appears to come from a known contact or organization. The message would contain a link or attachment that would either install malware on the device which would then gather account and passwords or would direct them to a fictitious website that would trick the target into giving up passwords or account information.
Spear-Phishing elevates the attack by personalizing the message. Instead of sending it to everyone on a contact list, it would be sent only to a select group or just an individual. The attacker gathers information about their target first so that the message can include personal information; making it seem even more trustworthy.
Whaling attacks use the same principles as phishing but target high profile individuals such as politicians, celebrities and corporate executives.
Now that you know the terms, these attacks are dependent upon YOU opening the door and letting the attacker inside. Remember the best prevention is training, training, training! Well trained employees are much less likely to fall for Phishing, Spear-Phishing or Whaling attacks!