"Targeted emails that tempt a user to click a hyperlink are among the most prevalent methods of infecting computers with malware or of stealing information," Top Layer's Paquette told TechNewsWorld.Spear phishing is all over the infosec news at the moment, with Google disclosing spear phishing attacks against Gmail users, and then various infosec/antivirus companies following up with stories about phishing attacks on other webmail users.
The truth is that spear phishing has been around for several years, and it is known to be effective using all forms of email and in fact other messaging systems, not just webmail: the common factor is that the recipient is a human being. How they get the message is irrelevant. Even a note on the windshield would work. The really worrying part is that some of the attacks are almost certainly so stealthy that victims don't even know they have been hit. Colour me paranoid ("You're a paranoid infosec freak, Gary!!") but my default response to any contact from strangers, and even out-of-character contacts from my friends and acquaintances, is to doubt their motives. I hope my cynicism doesn't upset too many genuine contacts, but personally I'd rather put a few on edge than blithely accept everything that plops into my inboxes. And yet still I worry that I might have fallen for a scam.