Phishing occurs when an individual or group falsely poses as a legitimate organization, such as a bank or credit card company, in order to trick a victim into submitting personal information online. This is usually done by instructing the user to click on a link that leads to a fake website designed to look legitimate. In other cases, criminals pose as charities soliciting donations to aid humanitarian efforts.
Then there is “spear phishing,” a tactic in which messages appear to be from actual co-workers, friends or family members. In reality, these messages come from hackers who gained access to an individual's email account and then use that individual's address to send phishing emails to all of the individual's contacts.
To avoid falling prey to the wide variety of phishing scams, please follow these guidelines:
The U.S. Computer Emergency Readiness Team website offers more information on how to avoid and respond to phishing scams: http://www.us-cert.gov/
In addition, please read Gallagher's security document: Gone Phishing - Cyber Risk Management.