What does 'whaling' refer to in phishing attacks?

Ensure your readiness for the Threats, Vulnerabilities, and Mitigations Assessment (Domain 2.0) Test with our study resources. Utilize flashcards and multiple-choice questions, complete with hints and detailed explanations to ace your exam!

Whaling refers to a specific type of phishing attack that focuses on high-profile individuals such as executives or other key decision-makers within an organization. These attacks are characterized by their tailored approach, where the attacker crafts highly personalized messages that often utilize information unique to the target, making it more likely that the victim will engage with the communication. Because of the high stakes involved, a successful whaling attack can lead to significant repercussions for the organization, such as financial theft, data breaches, or reputational damage.

The other options do not accurately define whaling. Attacking small businesses or targeting the general public involves broader phishing methodologies that lack the personalized, high-stakes focus of whaling. Similarly, email scams involving fake charities may employ deceptive techniques, but they do not specifically target high-profile individuals or executives as whaling does. Thus, the correct definition of whaling pertains explicitly to the deliberate targeting of high-profile individuals with phishing attacks that are custom-created for them.
