Phishers and hackers continue to get more creative and more sophisticated in their attacks. A recent trend is to write very specialized attack messages targeting rank-and-file employees. One example is a personal email that appears to come from the company's HR manager. The message included the HR manager's name (it was posted on the company's website) and asked the employee to review a .pdf attachment to confirm vacation accruals. The attachment was a malicious trojan.
Luckily, many of these attacks are blocked by our anti-virus software but some will always get through. Be on the lookout for these kinds of scams. If you see a message that looks suspicious, do not open it, even if it appears to come from someone you know. If you're unsure about the message, call the alleged sender and just ask if he/she really sent it.
If you run a business, make sure that your staff know about these scams, too. Make sure you set a culture of security where it's safe for the employee to call you and confirm a message's legitimacy. (If you're the one writing the messages and you're getting a lot of calls, check out "How not to look like a phish".)