Spear phishing describes when phishing is done with specific targets in mind; this allows messages to these people to appear more legitimate, or as if they are being sent by a legitimate user. For example, a person may get an offer from an organization that he knows. He might click on it and provide confidential information, perhaps to log-in to the website. In reality, the message is not from the actual organization, and he has given his credentials to the actual site to the spear-phisher.