The 8 Latest Malicious Email Threats And Trends That Can Create A Business Crisis

This article is more than 2 years old.

The weakest links in defending companies against malicious emails can be the employees who open the emails in the first place. Once opened, the emails can quickly create a variety of cyber-related crisis situations for business leaders.

A new report from email security company Tessian found that cybercriminals are adopting increasingly sophisticated tactics. It analyzed two million malicious emails that managed to bypass traditional email defenses between July 2020 and July 2021.

The company said the report was the first of its kind to identify trends among malicious email threats and attacks, the most impersonated brands, and the most popular times for hacking attempts.

Vulnerabilities

The vulnerabilities identified in Tessian’s report that make employees and their companies more susceptible to malicious emails included the following. 

Distractions

  • 45% of employees said they clicked on a phishing email because they were distracted.
  • 1 in 3 (29%) employees said they clicked a phishing email because they weren’t paying attention.

Stress

  • Over half (52%) of workers said they make more mistakes when they’re stressed.

Spoofing

  • To evade detection and trick employees, attackers used different impersonation techniques.
  • The most common tactic was display name spoofing (19%), which is when the attacker changes the sender’s name and disguises themselves as someone the target recognizes.

Links

  • 44% of the malicious emails included a URL link.

Impersonation

  • Domain impersonation, when the attacker sets up an email address that looks like a legitimate one, was used in 11% of threats detected by Tessian.
  • The brands most likely to be impersonated in the malicious emails that were analyzed included Microsoft, ADP, Amazon, Adobe Sign and Zoom.

Industries

  • The retail industry was targeted most often. The average employee in this sector received 49 malicious emails a year, higher than the overall average of 14 emails detected per user, per year.
  • Employees in the manufacturing industry were identified as major targets, with the average worker receiving 31 malicious emails a year.

Time Of Day

  • Most malicious emails were delivered between 2 p.m. and 6 p.m. in the apparent hope that a phishing email that is sent during the late afternoon would slip past a tired or distracted employee.

Time Of Year

  • Attackers capitalized on specific times of the year.
  • Tessian found the biggest spike in malicious emails immediately before and following Black Friday, when many people expect to receive a surge of emails touting deals, and attackers can leverage the “too-good-to-be-true” deals and use them as lures in their scams.

Advice For Business Leaders

Update Crisis Management Plans

Companies should immediately update their crisis management plans to account for the latest email threats, and incorporate worst-case malicious email scenarios when testing their responses.

Phishing Attacks Are Here to Stay

“Gone are the days of the bulk spam and phishing attacks, and here to stay is the highly targeted spear phishing email. Why? Because they reap the biggest rewards,” said Josh Yavor, Tessian’s chief information security officer.

‘Evolving Every Day’

“The problem is that these types of attacks are evolving every day. Cybercriminals are always finding ways to bypass detection and reach employees’ inboxes, leaving people as [their] organizations’ last line of defense. It’s completely unreasonable to expect every employee to identify every sophisticated phishing attack and not fall for them. Even with training, people will make mistakes or be tricked,” Yavor observed.

“Businesses need a more advanced approach to email security to stop the threats that are getting through—the attacks that are causing the most damage—because it’s not enough to rely on your people 100% of the time,” he advised.
