Phishng attacks are quite common.  But what is worrying IT managers now are spear phishing attacks, wherein the criminals attack a few targeted individuals and this could include your CEO

The worrying aspect about spear phishing is that the criminals research their victims in advance and send mails which look genuine and coming from a colleague.  This lends more credibility to the mail and this can easily cause a victim to click on a seemingly genuine link or attachment and this could cause a Trojan to be implanted in the victim's computer.

In designing targeted messages and selecting recipients, criminals use not only relatively sophisticated software tools, but also the reams of publicly available information about corporate executives. Top executives of companies often reveal a lot of confidential information on Social networking sites and this compounds the problem by providing criminals with lot of information which they can use while planning a phishing attack. 

Security professionals and executives need to take extra care to guard against such targeted phishing attacks.   Following are a few guidelines that could help them in the war against such attacks:

• Use anti-malware and anti-virus applications and ensure that they are kept up to date.
• Ensure that operating systems are patched
• Educate executives on the need to follow secure practices while using a PC
• Use social networking sites with great care and avoid divulging too much information
• Always use a VPN when linking to corporate network from outside.
•  Never send confidential information or use banking websites while browsing from an unsecure WiFi connection