Executive spear phishing, or whaling, targets high-level leaders to authorize fraudulent transactions and steal sensitive data, requiring vigilant defense measures. Effective strategies include verifying requests via out-of-band communication, implementing phishing-resistant security keys (FIDO2), and enforcing a "pause" protocol for urgent requests.