As email users grew wary of phishing attempts, cybercriminals have had to change their tactics and their lures. Today, phishers are churning out much more convincing and effective emails. Not only are the most persuasive specimens well-written, they are also often personalized, addressing the recipient by name. In addition, they replicate the look and feel of authentic emails from legitimate businesses down to the fonts, footers, logos and copyright statements those companies use in electronic correspondence with their customers.

The result of these refinements has been an explosion in phishing attempts. In 2011, approximately one out of every 300 emails circulating the web was deemed to contain elements indicative of phishing, according to "The Year in Phishing," a report from RSA. The cumulative number of phishing attacks recorded that year was 279,580, a 37 percent increase over 2010, by RSA's count.

RSA says that phishing attacks are on the rise despite heightened user awareness in part because they've become so easy for cybercriminals to execute. Malware writers have created automated toolkits that fraudsters use to easily create and host phishing pages. On average, every phishing attack nets a $4,500 profit in stolen funds for the perpetrator, according to RSA.

Because phishing attacks are easier for cybercriminals to produce and more convincing than ever, RSA predicts even more of them in 2012. To help you and your end-users determine whether those suspicious emails in your inboxes are legitimate or phishing scams, CIO.com asked Daniel Peck, a research scientist with Barracuda Networks, a provider of email and web security products, to analyze a particularly convincing specimen allegedly from American Express. We include below a copy of the email in question, along with Peck's tips for discerning the validity of suspicious emails.