How to Avoid One of the Biggest Email Hacking Threats

Consider this advice to identify and avoid 'spear phishing' email -- cons designed specifically to target you and your business.

By Riva Richmond

You might have heard of something called "spear phishing." It's an attempt to hack your computer or your accounts, or to con you out of money, by using an email message that's tailored to you or your company. A phisher piques your interest with a conference invite, resume or invoice. But it's a ruse to get you to provide sensitive information such as passwords, open an infected attachment or click a malicious website link, or participate in a shady deal.

These personalized, deceitful messages can be crafty and believable enough to slip by spam filters and other security protections and to trick you -- the last line of defense.

About one in every 300 emails in 2011 was a phish, according to security software maker RSA, a unit of EMC Corp. Entrepreneurs should be concerned because these emails are increasingly surfacing at the office. In a separate 2011 RSA Workplace Security survey, 45 percent of respondents said they had received a phish in their work email. Often, they are personalized "spear" messages to specific employees, sometimes including details mined from LinkedIn and other social networks to make them more plausible.

Spear phishing emails can be alarmingly effective. RSA, Google and a slew of large companies had valuable intellectual property stolen over the last two years in attacks that began with a spear phish of an employee. "They're aiming for fewer targets, but they're aiming for a higher yield," says Jason Hong, an associate computer science professor at Pittsburgh's Carnegie Mellon University and founder of Wombat Security Technologies, maker of a phishing filter and educational tools for companies.

Small companies have been targets of spear phish attacks, too. Last spring, an employee in receivables at a Wichita, Kan., ServiceMaster franchise opened an email tailored to her and unleashed a virus that scrambled her computer and sent spam to her contacts. The franchise's mail server was also upended and shut down for most of the following two days while a technology consultant cleaned up, the company says.

Some spear phish attacks can cause more financial damage. Take PrintedArt, a Franklin Lakes, N.J., company that sells artwork. It has received several emails in recent months from supposed customers requesting unusual shipping arrangements requiring the firm to wire thousands of dollars to international shipping agents. But Klaus Sonnenleiter, the company's president, became suspicious that the agents were impostors and refused the orders.

Here's how you, too, can avoid getting reeled in by a phisher.

Use technology as the first line of defense.
Security technologies can block many phishing attempts before they reach anyone. Do the basics: use up-to-date antivirus software and spam filtering, and keep the software on your computers current with the latest updates -- especially Adobe products and Java, whose bugs have been heavily exploited by malware writers.

Specialized anti-phishing technologies can also help. Major web browsers use built-in blacklists that provide a safeguard against known phishing websites. Google's blacklist is used in the Firefox, Safari and Chrome browsers, while Microsoft's blacklist is used in Internet Explorer.

And there are filters that use "heuristics," a set of rules used to detect phishing that can block some attacks but can also generate false alarms. Microsoft includes this technology in SmartScreen, a feature in Exchange, Hotmail and Internet Explorer, and many security-software makers include heuristics in their product suites.

Teach employees how to spot these phishing emails.
Unfortunately, spear phish are especially adept at beating security technologies because they often look like legitimate messages. When they contain malware, it's often tweaked to get past major antivirus products. And when emails direct victims to dangerous websites, the sites are often new and unknown to blacklists.

You must prepare employees to identify these types of emails. Experts say educating workers and instilling a healthy level of suspicion are effective in foiling phishers, who often use emotional triggers to create a sense of fear or urgency.

About 50 percent of people will fall for a reasonably good phish, say both Wombat and PhishMe, which provide anti-phishing training services. But they say employee education can whittle that number down to 10 percent or less.

Training programs usually start with sending employees fake phishing messages. If they fall for the ruse, they are given immediate online training about how to recognize scams and protect themselves by, for example, scrutinizing email addresses and website URLs.
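The checks a heuristic filter applies, and the address and URL scrutiny that training teaches, can be sketched as a small rule set. This is an added example, not code from the article or from any product it names; the four rules, the threshold, the function names and the `.test` domains are all assumptions chosen for illustration, and the third sample shows the false alarm such rules produce on genuine mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
URGENCY = re.compile(r"\b(urgent|immediately|suspended|verify your account)\b", re.I)
LINK = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def rule_hits(raw, company_domain):
    # Returns the names of the (illustrative) heuristic rules a raw message trips.
    msg = message_from_string(raw)
    body = msg.get_payload()
    hits = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    # Rule 1: display name uses the company's name, address is on another domain.
    if company_domain.split(".")[0] in name.lower() and from_dom != company_domain:
        hits.append("display-name-mismatch")
    # Rule 2: replies are routed to a different domain than the sender's.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and reply.rpartition("@")[2].lower() != from_dom:
        hits.append("reply-to-mismatch")
    # Rule 3: the host shown in the link text differs from the real target.
    for href, text in LINK.findall(body):
        shown = HOST.search(text)
        if shown and urlparse(href).hostname != shown.group(0).lower():
            hits.append("link-text-mismatch")
    # Rule 4: wording that creates fear or urgency.
    if URGENCY.search(body):
        hits.append("urgency")
    return hits

def is_flagged(raw, company_domain="example.test", threshold=2):
    return len(rule_hits(raw, company_domain)) >= threshold
# Constructed sample messages (reserved .test domains, not real traffic).
PHISH = ('From: "Example IT Helpdesk" <it@mail-notice.test>\n\n'
         'Your mailbox will be suspended. Verify your account immediately: '
         '<a href="http://files.mail-notice.test/reset">portal.example.test</a>')
LEGIT = ('From: "Example HR" <hr@example.test>\n\n'
         'Benefits enrollment is open: '
         '<a href="https://intranet.example.test/benefits">intranet.example.test</a>')
# Genuine vendor mail that uses a help-desk Reply-To and a click-tracking link.
FALSE_ALARM = ('From: "Vendor Billing" <billing@vendor.test>\n'
               'Reply-To: support@vendor-desk.test\n\n'
               'Your invoice is ready: '
               '<a href="https://track.mailer.test/c/123">vendor.test/invoice</a>')

if __name__ == "__main__":
    for label, raw in [("phish", PHISH), ("legit", LEGIT), ("false alarm", FALSE_ALARM)]:
        print(label, is_flagged(raw), rule_hits(raw, "example.test"))
```

Raising the threshold to 3 clears the vendor message while still flagging the constructed phish, which is the tuning trade-off between missed attacks and false alarms.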

If in doubt about the safety of an attachment, you can tell employees to forward the message to a Gmail account and view it safely in Google Docs, rather than download it to their computer, suggests PhishMe co-founder Aaron Higbee.

You also can encourage employees to use instant messaging and work together on documents using collaboration software, he says, making your company less reliant on unsecure email.

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.