*Phish: n., A person who will click an unsolicited email link based on assumption. (see mirror).
I understand the concept of internet phishing and newer web browsers sometimes ask me if I want to check whether a website is a phishing site, but what the heck is internet spear phishing?
Spear phishing is precisely timed and targeted email phishing.
Phisherpersons shine attractively bright lights above the surface so that phish will gather closely to be easily speared. Recent greeting card and employment solicitation email scams have been used to lure internet users into providing personal information and opening their systems to malware infestation.
Infected web ads linked back to servers with information acquired from topic-focused community and commercial websites, tied together by self-modifying variants of the Storm email worm and the PRG Trojan, appear to be used in concert to infect workstations for botnet expansion and to collect personally identifying information for financial exploitation.
Existing information is used to craft emails designed to catch targeted victims' interest so they will open the email(s) and click one or more of the links contained inside. Keep your antivirus software up to date.
There is still a place for plain text email in one's personal security posture. Pocket computers are especially vulnerable as the operating systems and applications typically hide access to email headers and raw URL href text that can be used to determine whether to trust that an email is valid.
Just say no to responding to unsolicited emails from unknown sources. Spear phishing only works when the phish come to the surface. Stay smart.