Phishing and spear-phishing
The generally accepted definition is “an attempt to obtain confidential information by pretending to be a trusted entity in cyberspace”. Well designed phishing attacks may use electronic mail details that appear genuine (the address of the sender looks like a genuine organization, for example a bank, and may include a link to a fake website designed to look like the real thing, where the victim is asked to enter confidential information (login, password, credit card details, etc.) and/or infect the victim’s computer with malware planted on the fake web page.
Spear Phishing is a more sophisticated form of this attack that targets specific individuals (often corporate managers) using messages that indicate knowledge of the person (title, nickname, other) with the same intent. The plausibility of the message makes it easier for the message to be accepted as genuine.
Why it this an issue?
Because this has become a widespread practice done well enough to take advantage of the unaware. The most likely targets are those who have visibility due to their professional roles.
What you should do about it
First and foremost, remember that a government department, business or any other entity, will oten accept and even encourage you to transact online – at your initiative and will have taken adequate precautions to protect your data. his applies to doing your tax returns online, electronic commerce, online learning and much more.
On the other hand, these entities would NEVER send you a request asking you to provide sensitive or confidential information by e-mail, particularly one including a link to follow.
If in doubt, question the entity that sent you the (potentially phishing) message as to its authenticity by phone, not by e-mail as the e-mail address may be a fake.
Spear phishing practices include faking the e-mail address of somebody you may know to send you an attachment with a plausible name that contains a purpose-designed item of malware. You should not download or open such an unexpected attachment as it may include software that can run infect your machine and those of others in the same network.
Deleting such e-mails may be an unexciting chore that adds to the pressure of your daily activities. It’s good to remember the title of a book by Andy Grove (Intel’s CEO in its early days). It was “Only the paranoid survive”.