Spear-phishing, which first started appearing about five years ago, and its more recent incarnation, known as long-lining, are phishing attacks that are much more personalized and targeted at specific businesses or institutions. These attacks do a much better job of presenting themselves as legitimate emails, usually in the form of properly formatted and spell-checked messages from other departments within an organization, or as clones of official emails from trusted external organizations, like a bank. In many cases, the goals of these attacks are very specific: compromise security to obtain proprietary information that can be used for explicit gains.
Unlike a broad-based phishing attack, these more sophisticated approaches appear to come from people or groups that the recipient would normally respond to, such as people up the chain of command or IT security groups within the organization. The messages also don’t contain payloads that would trigger scanning software or typical security measures. Links within the messages appear to be correct and, in fact, may well be.
Complete, spoofed copies of vendor sites may be built, with the goal of getting the user to go to the site and enter information that will compromise security, preferably without them realizing it.