News • 23.09.2021

Employees in retail industry most targeted by malicious emails

Top phishing techniques used by cybercriminals


Two million malicious emails bypassed traditional email defenses, like secure email gateways, between July 2020 and July 2021, according to a new report from Human Layer Security company Tessian. These emails were flagged by inbound email security tool Tessian Defender as malicious and analyzed by Tessian researchers to reveal the tactics cybercriminals use to carry out advanced spear phishing attacks that bypass defenses.

Who’s being targeted and how?

The retail industry was targeted most often during this period, with the average employee in this sector receiving 49 malicious emails a year. This is significantly higher than the overall average of 14 emails detected per user, per year. Employees in the manufacturing industry were also identified as major targets, with the average worker receiving 31 malicious emails a year. 

To evade detection and trick employees, attackers used impersonation techniques. The most common tactic was display name spoofing (19%), whereby the attacker changes the sender’s name and disguises themselves as someone the target recognizes. Domain impersonation, whereby the attacker sets up an email address that looks like a legitimate one, was used in 11% of threats detected by Tessian. These subtle nuances in the email domain aren’t always easy to spot. 
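As an added illustration (not part of the Tessian report), the two impersonation patterns above can be checked on the `From` header of inbound mail. The directory, trusted domains and sample headers below are constructed, and the edit-distance threshold of 2 is an assumption.

```python
from email.utils import parseaddr

# Constructed data: domains the organisation trusts, and known people with
# the one address each of them really sends from.
TRUSTED_DOMAINS = {"retail.example", "supplier.example"}
KNOWN_SENDERS = {"jane doe": "jane.doe@retail.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, max_distance=2):
    """Return the impersonation findings for one From header value."""
    name, addr = parseaddr(from_header)
    name = " ".join(name.lower().split())
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # Display name spoofing: a name the target recognises, wrong address.
    real = KNOWN_SENDERS.get(name)
    if real and addr != real:
        findings.append("display_name_spoof")
    # Domain impersonation: close to a trusted domain but not equal to it.
    # Edit distance does not catch Unicode homoglyphs; those need IDN handling.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(domain, trusted) <= max_distance:
                findings.append("lookalike_domain:" + trusted)
    return findings

if __name__ == "__main__":
    samples = [  # constructed headers
        "Jane Doe <jane.doe@retail.example>",
        '"Jane Doe" <jd.office@freemail.example>',
        "Accounts <billing@supp1ier.example>",
        "Jane Doe <jane.doe@retai1.example>",
    ]
    for header in samples:
        print(header, "->", classify(header) or "clean")
```
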

The brands most likely to be impersonated in the emails detected between July 2020 and July 2021 were Microsoft, ADP, Amazon, Adobe Sign and Zoom - the latter likely spurred on by the shift to remote working.

Account takeover attacks were also identified as a major threat, an attack vector that, on average, costs businesses $12,000. In this case, the malicious emails come from a trusted vendor or supplier’s legitimate email address, and likely won’t be flagged by a secure email gateway as suspicious. Tessian data found that account takeover comprised 2% of malicious emails analyzed, and the legal and financial services industries were targeted most by this type of attack.

What’s the motive?

While emails containing attachments were once a popular “spray and pray” method to trick people into downloading malware, Tessian found that less than one-quarter (24%) of the emails flagged contained an attachment. In addition, 12% of malicious emails contained neither a URL nor a file – a sign that attackers are moving away from using typical indicators of an attack. Links, however, do still prove to be a popular and effective payload, with almost half (44%) of malicious emails containing a URL.

While credential theft is growing in popularity among cybercriminals today, Tessian found more keywords related to “wire transfers” than “credentials” in its analysis. This suggests that the motive behind these attacks is still largely focused on financial gain.

When are people most vulnerable?

Most malicious emails were delivered around 2 p.m. and 6 p.m. in the hopes that a phishing email, sent during the late afternoon, will slip past a tired or distracted employee. Attackers also capitalized on specific times of the year. Tessian found the biggest spike in malicious emails immediately before and following Black Friday, a time when many people expect to receive a surge of emails touting deals and attackers can leverage the “too-good-to-be-true” deals and use them as lures in their scams.

Source: Tessian
