Millions of malicious emails are still slipping past security filters

Criminals hunt for tired and distracted employees


Despite many companies investing heavily in getting defenses set up, millions of malicious email messages made their way to the end-user, placing many of them at risk of data breaches, fraud and ransomware.

This is according to a new report from Tessian, which analyzed millions of emails passing through its email security tool between July 2020 and July 2021, finding that two million malicious messages bypassed “traditional email defenses”, such as secure email gateways.

The report hints that criminals are doing all they can to catch the victims off guard, tired, and distracted. For starters - most of the emails were sent during the holiday season in Q4 2020, with the last three months of the year seeing 45% more malicious emails compared to the quarter before.

With 90,000 emails detected during the Black Friday sales, November 2020 was the month with the highest email spike.

Targeted threats

Criminals then looked to send the email during the time of day when they believe victims are most likely tired or distracted - which was found to be either 2PM, or 6PM.

The contents of the emails themselves are similar - they’ll try to impersonate either a popular business, or an individual the victim knows personally. Name spoofing was used in 19% of malicious emails, while domain impersonation was used in 11% of threats.

Just 2% of attacks were account takeover.


Of all the different brands, Microsoft, ADP, Amazon, Adobe Sign and Zoom were the most popular ones among crooks.

Spear phishing here to stay

On average, an employee would receive 14 malicious emails every year, the report claimed. However, not all industries are created equal, and with the average number of attacks at 49 - retail is by far the most attacked vertical.

Tessian’s CISO, Josh Yavor, says highly targeted spear-phishing email attacks are all the rage nowadays, “because they reap the biggest rewards.”

“The problem is that these types of attacks are evolving every day. Cybercriminals are always finding ways to bypass detection and reach employees’ inboxes, leaving people as organizations’ last line of defense. It’s completely unreasonable to expect every employee to identify every sophisticated phishing attack and not fall for them. Even with training, people will make mistakes or be tricked.”

That’s why, Yavor concludes, businesses need a more advanced approach to email security, “because it’s not enough to rely on your people 100% of the time.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
