Despite Gen Y’s love for sending text messages, email is still the most common form of electronic communication, especially in the business world. So, the last thing that you want is to have your or an employee’s email to get compromised by a hacker. One common email hacking method is something called “spear phishing,” and you would be wise to avoid it if you can.
Search Security defines spear phishing as “an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data.” Spear phishing emails can look like résumés from job applicants, invoices from vendors or invitations to conferences. The hacker’s goal is to get the recipient to share confidential information such as usernames and passwords, click on links to malicious websites, open tainted documents or get involved in some kind of underhanded activity.
In her article for Entrepreneur.com, Riva Richmond warns that spear phishing emails are crafty. Hackers will address the emails to specific employees and even go so far as to mine LinkedIn for enough information to lend the emails greater credibility. Both large and small companies have fallen victim to frighteningly plausible spear phishing emails, which resulted in the loss of intellectual property, among other things.
Because it’s so difficult to discern a spear phishing email from a legitimate one, Carnegie Mellon University associate computer science professor and founder of Wombat Security Technologies Jason Hong created a phishing filter. Hong also provides free email training demos to help you and your employees to become more adept at recognizing nefarious email messages.
Nobody wants to fall victim to a spear phishing email. There are ways to recognize them such as receiving a résumé when your small business isn’t hiring. Trying Hong’s phishing filter could certainly be helpful, but it’s still a good idea to teach your employees how recognize and report dubious emails. Because even a phishing filter can make mistakes.