NEW YORK (CBSNewYork)Phishing is one of the most popular and most effective ways that hackers gain access to sensitive data and computer systems.

And it seems to be happening more than ever. One security company found a 65 percent increase in attacks last year, CBS2’s cybersecurity expert Siobhan Gorman reports.

Here’s how it works: a hacker sends the victim a legitimate-looking email. It will direct them to a fake but authentic-looking website that will steal their username and password.

Or there will be an attachment that if opened, downloads spyware on their computer.

Sometimes these emails are carefully crafted for a particular person using details they have posted online. This is meant to make you think it’s from a trusted source, like a friend or family member, a government agency or a company you’ve done business with. These targeted emails are known as “spear phishing.”

To avoid the bait, the Federal Trade Commission recommends using software that can help block the phishing emails.

Also, watch out for:

• mistakes in grammar or spelling
• an appeal for an urgent response
• request for personal information

If you have any doubts, call the company. But don’t use the phone number in the email or message — look it up yourself.