The best way to understand attacks, so that you can protect yourself, is to understand exactly how they're used.
Phishing is used to get you to give up valuable (or at times invaluable) information about yourself. They would use spoofing to create a fake e-mail.
A common phishing tactic is to try to get a user's password. For example, an e-mail could be sent from a bank e-mail address (spoofed), explaining to the user that due to a recent change in processes or a recent security threat that the user must change their password. Included in the e-mail would be a link to a site that mirrors the bank's regular web page. The fact of the matter is, the web page the user landed on is actually a fake website, created to look exactly like the real thing. The user tries to log into their account, thinking it's really their account, and gives away their password.
Spoofing is not intended to steal this information but to actually make you do something for them.
A common spoofing tactic is to send an official looking e-mail which has a link inside that contains malicious malware. For example, during holiday seasons, an e-mail could be sent from a greeting card service's e-mail address (spoofed), with a link that says 'Your friend sent you a gift card! Click here to see it!' In some cases, if they've already infected a user, they can replace the 'Your friend' portion with their actual name! The malware would grab their name from their e-mail account and use it. The minute the link is clicked, the malware installs itself, steals your name from your preferred e-mail account, grabs all your e-mail contacts, and sends e-mails to them, this time with your name on it! And the cycle continues.