Spear-phishing involves a direct target. These are premeditated and much more effective thanks to a higher level of social engineering. These attacks usually go after specific criteria, such as database credentials.
Whaling is simply spear-phishing, but going after high profile targets, such as celebrities or C-Level executives.
Vishing is phishing over telephone systems. It is more common to vish on response (requiring the victim to call-back), rather than directly vish with an initial phone call
No matter what type of phishing attack is used, the same security practices outlined above should apply; especially in the cases of spear-phishing, since they can be quite custom, making it more important to detect at the earlier stages (baiting/hooking).
Derek Manky, is Fortinet's senior security strategist
Sign up for CIO Asia eNewsletters.