The Danger Lurking in Your In-Box
A new approach to standard email phishing scams has been reported targeting senior executives in California, coining a new term in the process: whaling. Whaling, then, is the name for phishing scams that target big fish. This particular email appears to come from a court in California and includes the target's name, company, and phone number to give it an air of authenticity. There are some useful lessons we can all pick up from this.
The first lesson is to appreciate just how easy it is for anyone to copy genuine images from a web site and include them in an email. Just because an email carries the logo of a bank or other institution does not prove it really came from them. It is astonishing to me that anybody can be fooled by such simple tricks, but they are. The second lesson is to realise just how insecure your personal data is. Your name, the company you work for, and your phone number probably appear openly all around the web. This is certainly true if you have them on Facebook or any other business or social networking site, so seeing those details in an email should not persuade you that the email is legitimate.
A dead giveaway will be poor spelling or grammar, or even just bad manners. No bank will send you an email and "order" you to do something such as log into your account and reset your password, as some phishing emails have done. And aside from glaring spelling errors, this particular attempt gave the game away by using British English spelling while purporting to come from an American court of law. The whole story can be read at the link at the foot of this article; it makes fascinating reading.
The most important safety check to be aware of, however, is to always inspect the web site address of any link before you click on it. Look at the address as it is given in the email and compare it with the address that appears in the status bar when you hover your mouse over the link. They should be the same; if they are not, it is a fake. Also read the address carefully: you should recognise it as a genuine address. Scammers often use obscure gobbledygook addresses, and seeing one like that should again tell you it is a fake.
If, however, you do click on the link, do not simply assume the site you have landed on is genuine. Too many people do that, and as I have already said, anybody can copy images from a genuine web site and make a mock-up that looks just like it. So inspect the web address again. Is it the one you thought you saw when you clicked on the link in the email? Does it look like a genuine web address?
A further safety measure would be to never click on links in such emails at all. If you think it might be genuine, go to Google, search for the institution the email purports to be from, and compare its address with the link Google gives you. If in doubt, click on the link from Google and not the one in the suspect email, especially if it is somewhere you are going to have to log into. In any event, do not automatically download any programs from a site you have arrived at by clicking on a link in a suspect email. If, for example, it tells you to download the latest version of Adobe Reader, go to the Adobe site yourself; don't just click on the link on the suspect site and download whatever they send you. Use Google again to find the genuine site.
- Mark Griffin's blog