From csoonline.com
Phishing is a social attack, directly related to social engineering. Commonly centered around email, criminals use phishing to obtain access or information. Phishing attacks can be basic or customized toward the victim and their organization.
A phishing attack with a directed focus is called spear phishing. If, for example, the criminal were targeting a group or person within a company, they’d use spear phishing to make the email look and feel legitimate. Usually this is done by using the victim’s correct name and title, referencing legitimate projects, known co-workers, or spoofing an email from a senior executive.