News • 23.09.2021

Employees in retail industry most targeted by malicious emails

Top phishing techniques used by cybercriminals

green letters on black background
Source: Unsplash/Markus Spiske

Two million malicious emails bypassed traditional email defenses, like secure email gateways, between July 2020-July 2021, according to a new report from Human Layer Security company Tessian. These emails were flagged by inbound email security tool Tessian Defender as malicious and analyzed by Tessian researchers to reveal the tactics cybercriminals use to carry out advanced spear phishing attacks that bypass defenses.

Who’s being targeted and how?

The retail industry was targeted most often during this period, with the average employee in this sector receiving 49 malicious emails a year. This is significantly higher than the overall average of 14 emails detected per user, per year. Employees in the manufacturing industry were also identified as major targets, with the average worker receiving 31 malicious emails a year. 

To evade detection and trick employees, attackers used impersonation techniques. The most common tactic was display name spoofing (19%), whereby the attacker changes the sender’s name and disguises themselves as someone the target recognizes. Domain impersonation, whereby the attacker sets up an email address that looks like a legitimate one, was used in 11% of threats detected by Tessian. These subtle nuances in the email domain aren’t always easy to spot. 

The brands most likely to be impersonated in the emails detected between July 2020 and July 2021 were Microsoft, ADP, Amazon, Adobe Sign and Zoom - the latter likely spurred on by the shift to remote working.

Account takeover attacks were also identified as a major threat, an attack vector that, on average, costs businesses $12,000. In this case, the malicious emails come from a trusted vendor or supplier’s legitimate email address, and likely won’t be flagged by a secure email gateway as suspicious. Tessian data found that account takeover comprised 2% of malicious emails analyzed, and the legal and financial services industries were targeted most by this type of attack.

What’s the motive?

While emails containing attachments were once a popular “spray and pray” method to trick people into downloading malware, Tessian found that less than one-quarter (24%) of the emails flagged contained an attachment. In addition, 12% of malicious emails contained neither a URL or file – a sign that attackers are moving away from using typical indicators of an attack. Links, however, do still prove to be a popular and effective payload, with almost half (44%) of malicious emails containing a URL.

While credential theft is growing in popularity among cybercriminals today, Tessian found more keywords related to “wire transfers” than “credentials” in its analysis. This suggests that the motive behind these attacks is still largely focused on financial gain.

When are people most vulnerable?

Most malicious emails were delivered around 2 p.m. and 6 p.m. in the hopes that a phishing email, sent during the late afternoon, will slip past a tired or distracted employee. Attackers also capitalized on specific times of the year. Tessian found the biggest spike in malicious emails immediately before and following Black Friday, a time when many people expect to receive a surge of emails touting deals and attackers can leverage the “too-good-to-be-true” deals and use them as lures in their scams.

Source: Tessian

related articles:

popular articles:

Thumbnail-Photo: For you: Retail marketing calendar 2024
08.01.2024   #marketing #sales promotion

For you: Retail marketing calendar 2024

You can use these phases and days for yourself and your business in the upcoming year

Birthdays, holidays, holidays ... We record all these days in calendars every year to plan our personal daily lives. But the financial year can also be planned. This can be particularly important for retailers. You can plan ...

Thumbnail-Photo: Turning customers into friends - heres how it works...
24.01.2024   #marketing #online marketing

Turning customers into friends - here's how it works

WhatsApp channels as a secret weapon in the marketing mix

In fall 2023, Meta launched WhatsApp channels, a completely new feature in 150 countries ...

Thumbnail-Photo: Tips: Optimal shopping experience for  Christmas...
22.11.2023   #online trading #artificial intelligence

Tips: Optimal shopping experience for Christmas

How to prepare for the shopping days as an Amazon retailer

The promotional days at the start of the Christmas...

Thumbnail-Photo: The quiet hour – A contribution to inclusion in retail?...
31.10.2023   #customer satisfaction #customer experience

The "quiet hour" – A contribution to inclusion in retail?

Finding calm in a busy world: supermarkets make their mark

The world of commerce is constantly looking for new ways to attract and retain customers...

Thumbnail-Photo: Valentines Day marketing: creative campaigns to make your heart sing...
18.01.2024   #brick and mortar retail #sustainability

Valentine's Day marketing: creative campaigns to make your heart sing

Examples of how you can score points on Valentine's Day

Zalando killed two birds with one stone in 2021: with the invitation to "campaign exchange the clothes after your ex", customers were shown ...

Thumbnail-Photo: Veganuary 2024: Best sales strategies to reach the ‘no meat’...
11.01.2024   #brick and mortar retail #food retail

Veganuary 2024: Best sales strategies to reach the ‘no meat’

Why retailers should take advantage of the trend

Veganuary has begun its fourth year in Germany. Over 850 German companies are taking part in this global movement for a plant-based ...

Thumbnail-Photo: Christmas decorations: set the scene for your store!...
09.11.2023   #customer experience #shop decoration

Christmas decorations: set the scene for your store!

From the floor to the shelves and lights to the shop window - here's how to get your store ready for Christmas!

The weeks leading up to Christmas Eve are considered to be the busiest of the year....

Thumbnail-Photo: Black Friday and Cyber Monday: Minimize mistakes, maximize success...
11.10.2023   #e-commerce #customer satisfaction

Black Friday and Cyber Monday: Minimize mistakes, maximize success

Mistakes you can avoid on promotion days like Black Friday and Cyber Monday

The promotion days on November 24 and 27 raise the sales hopes of many retailers. Despite the huge potential, these events can also be a challenge. Competition is fierce, customers are critical and expect exceptional deals. Mistakes in preparation ...

Thumbnail-Photo: ISE 2024 - the future of retail
23.10.2023   #online trading #Tech in Retail

ISE 2024 - the future of retail

ISE will take place in Barcelona from 30 January to 2 February 2024

Since it began in 2004, Integrated Systems Europe (ISE) - the world's premier exhibition for professional audio visual (pro AV) and systems integration - has grown in size, strength and influence to become an industry-defining event. Every year, ...

Thumbnail-Photo: Social Commerce: Community sells?
04.10.2023   #online trading #sustainability

Social Commerce: Community sells?

Why the community approach is replacing fast delivery among customer demands and what that means for you.

For a long time it was said that fast or even "same day delivery is the key". For Fabian Mischler, this is no longer the only key to satisfied customers. In an interview, the CEO of the social commerce platform ooblee told us why community ...