
Two million malicious emails slipped past traditional email defenses, like secure email gateways, between July 2020 and July 2021, according to a new report from human layer security company Tessian. These emails were detected by Tessian’s platform and analyzed by the company’s researchers to reveal the tactics cybercriminals use to make advanced spear phishing attacks bypass detection and deceive their victims.

Cybercriminals predominantly set their sights on the retail industry during this time, with the average employee in this sector receiving 49 malicious emails over the year. This was 3x more than the average 14 malicious emails that were received per user, per year, across all industries.

To evade detection, attackers used impersonation tactics. The most common was display name spoofing, where the attacker changes the sender’s name and disguises themselves as someone the target recognizes. This was used in 19% of malicious emails detected, while domain impersonation, whereby the attacker sets up an email address that looks like a legitimate one, was used in 11%. The brands most likely to be impersonated were Microsoft, ADP, Amazon, Adobe Sign, and Zoom.
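A defender can screen for both impersonation patterns from the `From` header alone. The sketch below is an added example, not code from Tessian or the report; the sender directory, the `.example` domains and the edit-distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed directory (assumption): known display name -> domain that person really uses.
KNOWN_SENDERS = {"alice chen": "corp.example", "payroll team": "payroll.example"}
TRUSTED_DOMAINS = sorted(set(KNOWN_SENDERS.values()))

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_from(header):
    """Return impersonation findings for one From header value."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    name_key = " ".join(name.lower().split())
    findings = []
    # Display name spoofing: a recognised name paired with an unexpected domain.
    expected = KNOWN_SENDERS.get(name_key)
    if expected and domain != expected:
        findings.append("display-name-spoof")
    # Domain impersonation: an untrusted domain within two edits of a trusted one.
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(domain, trusted) <= 2:
                findings.append("lookalike-domain:" + trusted)
    return findings

if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        '"Alice Chen" <alice.chen@corp.example>',
        '"Alice Chen" <alice.chen@freemail.example>',
        'Payroll Team <notice@payrol1.example>',
        'Helpdesk <it@c0rp.example>',
    ]
    for s in samples:
        print(s, "->", classify_from(s) or "no findings")
```

A message sent from a compromised but legitimate account passes both checks, so this heuristic does not cover account takeover.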

Account takeover attacks were also identified as a major threat, with employees in the legal and financial services industries receiving this type of attack most frequently. In this instance, the malicious emails come from a trusted vendor or supplier’s legitimate email address. They likely won’t be flagged by a secure email gateway as suspicious and to the person receiving the email, it would look like the real deal.

Interestingly, less than one quarter (24%) of the emails analyzed in the report contained an attachment, while 12% contained neither a URL nor file — the typical indicators of a phishing attack. Evidently, attackers are evolving their techniques in order to evade detection, trick employees and, in some cases, build trust with their targets before delivering a payload.

According to Josh Yavor, Tessian’s Chief Information Security Officer, this report highlights why it’s unreasonable to rely on employees to identify every phishing attack they receive and not fall for the deception. There are too many varieties and attacks are getting harder to detect, he says.

Read the full report by Tessian.
