Phishing - Don't take the bait!
Simply put, “Phishing” is a fraudulent attempt to acquire your confidential information such as usernames, passwords, bank, or credit card details. This is achieved by sending you a spoof email, and redirecting you to a fake website that has a similar look and feel as the legitimate site. As a general rule, legitimate organisations will not ask you for user names / passwords. These emails tend to have a generic look about them, and are not generally targeted at you specifically.
In recent years, there has been a move towards "spear phishing" This is a targeted form of phishing in which fraudulent emails
target specific individuals within organisations in an effort to gain access to
confidential information. Its tactics include impersonation, enticement
and access-control bypass techniques like email filters and antivirus.
The objective of spear phishing and phishing are ultimately the same—to
trick a target into opening an attachment or click on a malicious
Below is a video developed by the CPNI (Centre for the Protection of the National Infrastructure) explaining how a Spear Phishing attack may appear.
There's also a one page summary covering the points in the videodont_take_the_bait.pdf