You can be on Entrepreneur’s cover!

How to Avoid One of the Biggest Email Hacking Threats Consider this advice to identify and avoid 'spear phishing' email -- cons designed specifically to target you and your business.

By Riva Richmond

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

How to Avoid One of the Biggest Email Hacking ThreatsYou might have heard of something called "spear phishing." It's an attempt to hack your computer or your accounts, or to con you out of money, by using an email message that's tailored to you or your company. A phisher piques your interest with a conference invite, resume or invoice. But it's a ruse to get you to provide sensitive information such as passwords, click on an infectious attachment or website link, or participate in a shady deal.

These personalized, deceitful messages can be crafty and believable enough to slip by spam filters and other security protections and to trick you -- the last line of defense.

About one in every 300 emails in 2011 was a phish, according to security software maker RSA, a unit of EMC Corp. Entrepreneurs should be concerned because these emails are increasingly surfacing at the office. In a separate 2011 RSA Workplace Security survey, 45 percent of respondents said they had received a phish in their work email. Often, they are personalized "spear" messages to specific employees, sometimes including details mined from LinkedIn and other social networks to make them more plausible.

Spear phishing emails can be alarmingly effective. RSA, Google and a slew of large companies had valuable intellectual property stolen over the last two years in attacks that began with a spear phish of an employee. "They're aiming for fewer targets, but they're aiming for a higher yield," says Jason Hong, an associate computer science professor at Pittsburgh's Carnegie Mellon University and founder of Wombat Security Technologies, maker of a phishing filter and educational tools for companies.

Small companies have been targets of spear phish attacks, too. Last spring, an employee in receivables at a Wichita, Kan., ServiceMaster franchise opened an email tailored to her and unleashed a virus that scrambled her computer and sent spam to her contacts. The franchise's mail server was also upended and shut down for most of the following two days while a technology consultant cleaned up, the company says.

Related: Five Ways to Tame Your Inbox

Some spear phish attacks can cause more financial damage. Take PrintedArt, a Franklin Lakes, N.J., company that sells artwork. It has received several emails in recent months from supposed customers requesting unusual shipping arrangements requiring the firm to wire thousands of dollars to international shipping agents. But Klaus Sonnenleiter, the company's president, became suspicious that the agents were impostors and refused the orders.

Here's how you, too, can avoid getting reeled in by a phisher.

Use technology as the first line of defense.
Security technologies can block many phishing attempts before they reach anyone. Do the basics: use up-to-date antivirus software and spam filtering, and keep the software on your computers current with the latest updates -- especially Adobe products and Java, whose bugs have been heavily exploited by malware writers.

Specialized anti-phishing technologies can also help. Major web browsers use built-in blacklists that provide a safeguard against known phishing websites. Google's blacklist is used in the Firefox, Safari and Chrome browsers, while Microsoft's blacklist is used in Internet Explorer.

Related: Why You Should Consider Outsourcing Computer Security

And there are filters that use "heuristics," a set of rules used to detect phishing that can block some attacks but can also generate false alarms. Microsoft includes this technology in SmartScreen, a feature in Exchange, Hotmail and Internet Explorer, and many security-software makers include heuristics in their product suites.

Teach employees how to spot these phishing emails.
Unfortunately, spear phish are especially adept at beating security technologies because they often look like legitimate messages. When they contain malware, it's often tweaked to get past major antivirus products. And when emails direct victims to dangerous websites, the sites are often new and unknown to blacklists.

You must prepare employees to identify these types of emails. Experts say educating workers and instilling a healthy level of suspicion are effective in foiling phishers, who often use emotional triggers to create a sense of fear or urgency.

About 50 percent of people will fall for a reasonably good phish, say both Wombat and PhishMe, which provide anti-phishing training services. But they say employee education can whittle that number down to 10 percent or less.

Related: A Seven-Step Guide to Protecting Customer Privacy

Training programs usually start with sending employees fake phishing messages. If they fall for the ruse, they are given immediate online training about how to recognize scams and protect themselves by, for example, scrutinizing email addresses and website URLs.

If in doubt about the safety of an attachment, you can tell employees to forward the message to a Gmail account and view it safely in Google Docs, rather than download it to their computer, suggests PhishMe co-founder Aaron Higbee.

You also can encourage employees to use instant messaging and work together on documents using collaboration software, he says, making your company less reliant on unsecure email.

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business Solutions

Keep Inspiration in Reach with Nix Color Sensor, Now $60 for One Week Only

Scan any surface and get a detailed report of the color you're looking for.

Business News

James Clear Explains Why the 'Two Minute Rule' Is the Key to Long-Term Habit Building

The hardest step is usually the first one, he says. So make it short.


Look Sharp with This Gillette Body Razor Set for $15

This Gillette Body Razor comes with nine refill blade cartridges and is on sale for $14.99 (reg. $24) for a limited time only.

Business News

This Woman Was Drowning in Debt Before She Tried 'Cash Stuffing.' Now She's Made The Highly Effective Practice a Full-Time Business.

A Texas woman was $80,000 in debt before she tried a method of budgeting called "cash stuffing." Now, she's not only paid off her debt but turned the budgeting practice into a full-time business to help others save.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business Solutions

Set Your Team up for Success and Let Them Browse the Internet Faster

With ad blocking, Control D is $35 through April 21.