New data finds retail workers most targeted by malicious emails


New Tessian Report Reveals How 2 Million Emails Reported As Malicious Bypassed Traditional Email Defenses In 12 Months, Explains Top Phishing Techniques Used By Cybercriminals

SAN FRANCISCO. September 21, 2021 – Two million malicious emails bypassed traditional email defenses, like secure email gateways, between July 2020 and July 2021, according to a new report of the company Human Layer Security tessian. These emails were flagged by the Tessian Defender inbound email security tool as malicious and analyzed by Tessian researchers to reveal the tactics used by cybercriminals to carry out advanced spear phishing attacks that bypass defenses.

Tessian Spear Status Phishing Report

Who is targeted and how?
The retail industry was the most frequently targeted during this period, with the average retail employee receiving 49 malicious emails per year. This figure is significantly higher than the overall average of 14 emails detected per user per year. Manufacturing industry employees have also been identified as major targets, with the average worker receiving 31 malicious emails per year.

To evade detection and deceive employees, the attackers used identity theft techniques. The most common tactic was display name spoofing (19%), whereby the attacker changes the sender’s name and disguises himself as someone the target recognizes. Domain impersonation, where the attacker creates an email address that appears legitimate, was used in 11% of threats detected by Tessian. These subtle nuances in the realm of email aren’t always easy to spot.

The brands most likely to be spoofed in emails detected between July 2020 and July 2021 were Microsoft, ADP, Amazon, Adobe Sign, and Zoom – the latter likely being boosted by the shift to remote working.

Account hacking attacks have also been identified as a major threat, an attack vector that, on average, costs businesses $ 12,000. In this case, the malicious emails come from a trusted provider or the legitimate email address of a provider and are unlikely to be flagged as suspicious by a secure email gateway. Tessian data revealed that the account takeover comprised 2% of the malicious emails scanned, and the legal and financial services industries were the most targeted by this type of attack.

What is the motive?
While emails with attachments were once a popular ‘spray and pray’ method to trick people into downloading malware, Tessian found that less than a quarter (24%) of reported emails contained an attachment. In addition, 12% of malicious emails did not contain a URL or file, indicating that attackers are deviating from typical attack indicators. Links, however, still prove to be a popular and effective payload, with almost half (44%) of malicious emails containing a URL.

As credential theft grows in popularity among cybercriminals today, Tessian found more keywords related to “wire transfers” than “credentials” in his analysis. This suggests that the motive behind these attacks is still largely focused on financial gain.

When are people most vulnerable?
Most malicious emails were sent around 2:00 p.m. and 6:00 p.m. in the hope that a late afternoon phishing email would escape a tired or distracted employee. Forwards also took advantage of specific times of the year. Tessian found the biggest spike in malicious emails just before and after Black Friday, a time when many people expect to receive a surge of emails touting deals and attackers can take advantage of the deals. “Too good to be true” and use them as decoys in their scams.

“The days of mass spam and phishing attacks are over, and highly targeted spear phishing emails are here to stay. Why? Because they reap the greatest rewards, ”said Josh Yavor, chief information security officer at Tessian.

“The problem is, these types of attacks are changing every day. Cybercriminals always find ways to bypass detection and reach employee inboxes, leaving people as the last line of defense for organizations. It is totally unreasonable to expect every employee to identify every sophisticated phishing attack and not fall for it. Even with training, people will make mistakes or be deceived. Businesses need a more advanced approach to email security to stop the threats that spread – the attacks that cause the most damage – because relying on your staff 100% of the time isn’t enough. “

Read the full report here: or learn more about Tessian Defender by visiting

— ENDS —

About the research
Tessian researchers analyzed emails reported by its inbound email security solution, Tessian Defender, between July 2020 and July 2021.

About Tessian
Tessian’s mission is to secure the human layer by allowing people to do their best, without security getting in the way. Using machine learning technology, Tessian automatically predicts and eliminates advanced email threats caused by human error – such as data exfiltration, accidental data loss, email compromise. business emails and phishing attacks – with minimal disruption to employee workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital.

Press contact
Laura Brooks | tessian
[email protected]

Leave A Reply

Your email address will not be published.