Gone Spear-Phishin' - New York Times: "More recently, however, a hybrid form of phishing, dubbed 'spear-phishing,' has emerged and raised alarms among the digital world's watchdogs. Spear-phishing is a distilled and potentially more potent version of phishing. That's because those behind the schemes bait their hooks for specific victims instead of casting a broad, ill-defined net across cyberspace hoping to catch throngs of unknown victims.
Spear-phishing, say security specialists, is much harder to detect than phishing. Bogus e-mail messages and Web sites not only look like near perfect replicas of communiques from e-commerce companies like eBay or its PayPal service, banks or even a victim's employer, but are also targeted at people known to have an established relationship with the sender being mimicked.
And spear-phishing is usually not the plaything of random hackers; it is more likely, analysts say, to be linked to sophisticated groups out for financial gain, trade secrets or military information. While hard data about spear-phishing incidents is hard to come by and some security vendors may have a vested interest in hyping potential threats, veteran security analysts describe spear-phishing as one of the more insidious cybercrimes they have encountered and one that has been underpublicized because victims are hesitant to come forward."