I used to think of phishing emails as just more spam. It turns out that they are fundamentally different: whereas spam seeks to sell, phishing seeks to steal. Phishing does share some technical features with spam, but adds layers of deception (even simulating legitimate websites) to commit fraud. Most IT professionals have seen enough phishing emails cross their inbox to understand the material.
This post is to call attention to an interesting presentation by SANS on phishing. It is listed as the October 11, 2005 webcast entitled “Tool Talk: The Anatomy of a Phishing Email” on the SANS webcast archive page at
https://www.sans.org/webcasts/archive.php
Phishing has evolved somewhat since it was originally broadcast. For example, it is now common to hear about spearphishing (more selective phishing) and whaling (highly selective phishing). Whaling is targeted at individuals with high net worth or some other characteristic that makes the ability to impersonate them especially valuable.
Although these phishing variants have become better-known since the webcast originally appeared, I still found it to be interesting and informative.
See the Howto for information on how to access a SANS webcast.