If you have had an email address in the last year, you have probably received more than a handful of "phishing" emails. These increasingly common email messages are designed to appear like authentic messages from recognized businesses such as eBay, Amazon or Bank of America. The content of the message usually includes some sort of instruction for logging on to your account and updating your personal data online. When you click on the links included in these emails you are directed to a website set up by identity thieves exclusively to steal your data. This has become such a popular tactic for thieves that many websites now include detailed tutorials on identifying phishing fakes.

Recently, the phishing trend started to take on new dimensions. Not only are phishing emails becoming harder to identify, they are also getting much more sophisticated. "Spear phishing" is the practice of sending a targeted phishing email to a small segment of people. For example, employees of a certain company may be targeted with a phishing email that appears to be from their employer or from someone within the company. Spear phishing is usually designed to steal company information or access to sensitive computer records as opposed to personal identity information.

This may sound like part of a far-fetched plot in an episode of "Alias," but spear phishing is unfortunately a reality. A recent PC World article highlighted the growth of this crime: "According to IBM's Global Security Index report, intercepted spear-phishing attempts exploded from a mere 56 instances in January to more than 600,000 cases in June [2005]."

How can you protect yourself from this targeted crime?  Be suspicious of any email asking you for usernames, passwords, account updates or personal information, even if this email appears to be coming from a trusted source. If you receive an email that you suspect is spear phishing, don't click on the links. One click could be all it takes for the thief to gain access. If a suspicious email appears to be coming from your company's IT or HR department, call their office to confirm that the email is authentic before you proceed. These departments should also avoid sending emails that could appear to be phishing and establish safe email policies for employees to follow. Understanding spear phishing and being cautious about suspicious email can help protect your identity and your company's privacy.