Phishing is a type of social engineering based on impersonation and fraud. Typically a scammer sends a fraudulent message designed to trick a person into revealing sensitive information or to deploy malicious software on the victim’s device.
Email phishing
Most phishing is done via email, although voice calls and SMS can also be used effectively. The structure and content of the message will relate to the goal of the scammer. Often the message is designed to impersonate banks and financial services, email and cloud productivity providers, tech services and software, and popular entertainment streaming services.
Scammers may use any info gained from a phishing attack to directly steal money from a victim.
More sophisticated attacks often use one or more low-level targets to gather info which is then used against more valuable targets. Examples: the theft of proprietary information, the installation of malware, or targeting people higher up within an affiliated organization.
Spear Phishing
Spear phishing is when a scammer targets a specific organization or person with a custom-made phishing attempt. Commonly these are emails that make the recipient think the email is legitimate and targeted to them specifically.
Spear phishers use personal information (gathered via automated scrape bots as well as actual direct research) about their target to improve the likelihood of success. Spear phishing typically targets people presumed to have access to an organization’s financial data and related services.
Clone Phishing
Clone phishing is when a legitimate, previously delivered email message containing an attachment or link is used to create an almost identical (cloned) email message. The attachment or link within the email is replaced with a malicious version, and the clone is then sent from an email address spoofed to appear to come from the original sender.
It may claim to be a resend of the original or an updated version of the original. This implies that either the sender or the recipient has been previously hacked for the scammer to have obtained the original legitimate email.
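A defender can check for the clone pattern described above by comparing a new message with one already delivered. The following is an added example, not part of the original article: it flags a near-identical message whose link hosts or reply path differ from the original. The sample messages, the function names, the 0.9 similarity threshold and the Reply-To check are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample messages; example.com/.net/.org are reserved test domains.
ORIGINAL = """\
From: Billing <billing@vendor.example.com>
To: pat@customer.example.org
Subject: Invoice 1042

Hi Pat,
Your invoice is ready: https://portal.vendor.example.com/invoices/1042
Thanks, Billing
"""
SUSPECT = """\
From: Billing <billing@vendor.example.com>
Reply-To: billing@vendor.example.net
To: pat@customer.example.org
Subject: Invoice 1042 (updated)

Hi Pat,
Your invoice is ready: https://portal.vendor.example.net/invoices/1042
Thanks, Billing
"""

def split_message(raw):
    """Return (parsed message, body with URLs masked, set of link hostnames)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
    return msg, URL_RE.sub("<URL>", body), hosts

def addr_domain(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def clone_findings(original_raw, suspect_raw, threshold=0.9):
    """Flag a near-identical copy whose links or reply path changed."""
    _, orig_text, orig_hosts = split_message(original_raw)
    susp, susp_text, susp_hosts = split_message(suspect_raw)
    if SequenceMatcher(None, orig_text, susp_text).ratio() < threshold:
        return []  # wording differs too much to be a clone of this message
    findings = [("new-link-host", h) for h in sorted(susp_hosts - orig_hosts)]
    reply = addr_domain(susp["Reply-To"])
    if reply and reply != addr_domain(susp["From"]):
        findings.append(("reply-to-mismatch", reply))
    return findings
```

Because the From header of a clone is spoofed to match the original sender, the comparison relies on what the scammer had to change: the link destination and where replies go.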
NOTE: The above content has been inspired by a conversation with a client, then combined with and crafted from this lengthy Wikipedia article. It was edited to improve readability and relevance using decades of personal experience explaining technology to normal people. It is offered here via the CC BY-SA 3.0 license.