Phishing is when an attacker sends an email (or other electronic message) to a user, in an attempt to trick them into disclosing sensitive information.
Because sending large volumes of email is relatively cheap, an attacker can bulk-mail a list of potential victims in a phishing attack. Only a small number of recipients need to fall for the scam for it to be successful.
Email service providers and browser vendors put a lot of effort into protecting their users from phishing attacks. Email services will automatically delete malicious emails when they are detected, and browsers will warn users when they are about to visit a malicious site. For this reason, phishers often use open redirects to bounce traffic from trusted sites to their intended, malicious destination. This allows them to circumvent any protections put in place by an email service provider.
Spear phishing describes phishing attacks aimed at specific individuals or communities, which has become more common in recent years.