a. spear-phishing has more specific targets than phishing
The difference between phishing and spear-phishing basically lies in the target. Phishing is a form of malicious software sent to a large number of people, probably through their e-mails, with the hope that a small percentage will fall victim to the attack.
Spear-phishing, on the other hand, is targeted at just one person. The person and his itinerary are studied and a message is designed to apply to that person and elicit his interest. Clicking on the message or link exposes the person's device to attack and unauthorized information might be obtained or malware is installed.