Just because spammers know your birthdate, or the last time you bought something at The Gap, doesn't mean it's legitimate. In fact, because phishing works in conjunction with password stealing Trojans and other forms of malware, you can expect to see more attacks that target victims with detailed and personal information, experts say.

One example occurred last November, when Salesforce.com received national attention after a phisher tricked an employee into revealing a password in a well-researched and highly targeted attack affecting 30,000 customers. The password then gave the phisher access to a customer contact list full of customer data such as e-mail addresses and telephone numbers. It wasn't long after the attack that Salesforce customers began receiving bogus e-mails in the form of company invoices.