Phishing is not a new term in the e-security field. It refers to an attempt - typically by email - to trick or mislead a recipient into giving up valuable personal information. Phishing attempts often come in the form of an official-looking email from a bank, credit card company, or online service like eBay, which asks you to enter your username and password for a “routine verification” or something to that effect. If the recipient falls for the trick and enters his or her information, it is transmitted to the phisher and opens the door for a multitude of abuses. These phishing attempts are usually mass-mailed in hopes that, out of the thousands of recipients, a small handful will fall for the ruse.

As phishing attempts grow more sophisticated, it is becoming difficult to distinguish between legitimate and dangerous emails. One of the latest tricks has been dubbed “spear phishing,” and it refers to phishing attempts that are carefully crafted and targeted at particular individuals or groups rather than mass-mailed to a general audience.

David Bilinsky, the Practice Management Advisor and staff lawyer for the Law Society of British Columbia, recently blogged about one such spear-phishing attack involving the legal community. In that case, phishers sent emails to executives that purported to be US federal court subpoenas. When the executives clicked a link within the “subpoena,” their computers were infected with malware that gathered personal information including passwords and credit card numbers.

What can you do? Commercial anti-virus and anti-spam software may help reduce your risk to some extent, but the number one safeguard is caution. Be wary of emails from senders you don’t know. Review emails carefully for suspicious misspellings or obvious errors, and avoid clicking links or downloading files if you aren’t confident that they’re safe.