Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Move beyond your SEG with Tessian’s SEG Consolidation Wizard  | Generate Report Now →

Tessian Blog

  • All
  • Customer Stories
  • Compliance
  • Email DLP
  • Integrated Cloud Email Security
  • Data & Trends
  • NULL
    array(14) { [0]=> object(WP_Term)#10975 (11) { ["term_id"]=> int(5) ["name"]=> string(16) "Customer Stories" ["slug"]=> string(16) "customer-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(5) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Read our latest Customer Stories, interviews and news. Learn how Tessian protects organisations in Financial Services, Legal, Technology and other markets." ["parent"]=> int(0) ["count"]=> int(46) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [1]=> object(WP_Term)#11297 (11) { ["term_id"]=> int(120) ["name"]=> string(10) "Compliance" ["slug"]=> string(10) "compliance" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(120) ["taxonomy"]=> string(8) "category" ["description"]=> string(143) "Read our latest articles, tips and news on Compliance including GDPR, CCPA and other industry-specific regulations and compliance requirements." ["parent"]=> int(0) ["count"]=> int(40) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "5" } [2]=> object(WP_Term)#11296 (11) { ["term_id"]=> int(116) ["name"]=> string(9) "Email DLP" ["slug"]=> string(20) "data-loss-prevention" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(116) ["taxonomy"]=> string(8) "category" ["description"]=> string(144) "Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email." ["parent"]=> int(0) ["count"]=> int(99) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "4" } [3]=> object(WP_Term)#11295 (11) { ["term_id"]=> int(2) ["name"]=> string(31) "Integrated Cloud Email Security" ["slug"]=> string(20) "human-layer-security" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(2) ["taxonomy"]=> string(8) "category" ["description"]=> string(301) "Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer." ["parent"]=> int(0) ["count"]=> int(135) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [4]=> object(WP_Term)#11294 (11) { ["term_id"]=> int(486) ["name"]=> string(17) "Data & Trends" ["slug"]=> string(11) "data-trends" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(486) ["taxonomy"]=> string(8) "category" ["description"]=> string(0) "" ["parent"]=> int(352) ["count"]=> int(1) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [5]=> object(WP_Term)#11293 (11) { ["term_id"]=> int(341) ["name"]=> string(13) "Insider Risks" ["slug"]=> string(13) "insider-risks" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(341) ["taxonomy"]=> string(8) "category" ["description"]=> string(154) "Access Tessian's library of free data exfiltration posts, guides and trend insights. Acidental data loss, insider threats, and misdirected emails content." ["parent"]=> int(490) ["count"]=> int(39) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [6]=> object(WP_Term)#11292 (11) { ["term_id"]=> int(433) ["name"]=> string(14) "Remote Working" ["slug"]=> string(14) "remote-working" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(433) ["taxonomy"]=> string(8) "category" ["description"]=> string(163) "Access free tips from security leaders and new research related to remote working and hybrid-remote structures. Level-up your cybersecurity for a remote workforce." ["parent"]=> int(116) ["count"]=> int(16) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [7]=> object(WP_Term)#11291 (11) { ["term_id"]=> int(384) ["name"]=> string(7) "Podcast" ["slug"]=> string(7) "podcast" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(384) ["taxonomy"]=> string(8) "category" ["description"]=> string(345) "Cybersecurity podcast series on the human factor, discussing why we need to focus on people - not just machines and data - to stop breaches and empower employees. Tim Sadler, CEO of Tessian meets with business, IT and security leaders to flip the strict on cybersecurity and share best practices, cybersecurity challenges, threat intel and more." ["parent"]=> int(2) ["count"]=> int(9) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [8]=> object(WP_Term)#11290 (11) { ["term_id"]=> int(411) ["name"]=> string(14) "Threat Stories" ["slug"]=> string(14) "threat-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(411) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Tessian Threat Intelligence and Research team uncovers trends and insights in email security related to phishing, social engineering, and more. Learn more!" ["parent"]=> int(0) ["count"]=> int(24) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [9]=> object(WP_Term)#11289 (11) { ["term_id"]=> int(3) ["name"]=> string(22) "Advanced Email Threats" ["slug"]=> string(22) "advanced-email-threats" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(3) ["taxonomy"]=> string(8) "category" ["description"]=> string(166) "Get up to speed on the latest tips, guides, industry news and technology developments around phishing, spear phishing, Business Email Compromise, and Account Takeover" ["parent"]=> int(490) ["count"]=> int(156) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "6" } [10]=> object(WP_Term)#11288 (11) { ["term_id"]=> int(352) ["name"]=> string(15) "Life at Tessian" ["slug"]=> string(12) "team-culture" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(352) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about Tessian company news, events, and culture directly from different teams. Hear from engineering, product, customer success, and more." ["parent"]=> int(0) ["count"]=> int(47) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "7" } [11]=> object(WP_Term)#11244 (11) { ["term_id"]=> int(435) ["name"]=> string(21) "Interviews With CISOs" ["slug"]=> string(21) "ciso-spotlight-series" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(435) ["taxonomy"]=> string(8) "category" ["description"]=> string(164) "Learn how to navigate the threat landscape, how to get buy-in, and how to break into the industry from these cybersecurity leaders from Shell, Penn State, and more." ["parent"]=> int(0) ["count"]=> int(33) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "8" } [12]=> object(WP_Term)#11254 (11) { ["term_id"]=> int(436) ["name"]=> string(16) "Engineering Blog" ["slug"]=> string(16) "engineering-blog" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(436) ["taxonomy"]=> string(8) "category" ["description"]=> string(134) "Tessian's engineering team shares tips for solving complex problems. Get advice related to QAs, 502 errors, team management, and more." ["parent"]=> int(352) ["count"]=> int(18) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [13]=> object(WP_Term)#11231 (11) { ["term_id"]=> int(434) ["name"]=> string(16) "Cyber Skills Gap" ["slug"]=> string(16) "cyber-skills-gap" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(434) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about the cybersecurity skills gap and cybersecurity gender gap. Research and interviews with industry leaders and champions of diversity." ["parent"]=> int(435) ["count"]=> int(19) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } }
Beyond the SEG / Microsoft + Tessian, Security Awareness Coaching, Integrated Cloud Email Security, Advanced Email Threats
Latest Microsoft Report Confirms Need for AI-Based Phishing Protection
by Bob Boyle Tuesday, May 30th, 2023
Nearly all forms of Business Email Compromise (BEC) attacks are on the rise, according to the fourth edition of Microsoft Threat Intelligence Cyber Signals published last week. In the latest Microsoft research for phishing protection, Microsoft Threat Intelligence Digital Crimes Unit (DCU) detected and investigated 35 million BEC attempts between April 2022 and April 2023, or 156,000 attacks every day. The FBI Internet Crime Report 2022 also found that BEC attacks were responsible for over $2.7 billion in losses last year alone. Microsoft saw an increase in both the sophistication of attacks and the tactics used by adversaries in BEC attacks. Cybercrime-as-a-Service organizations enable advanced phishing techniques at scale for bad actors, allowing them to easily circumvent traditional detection methods like “impossible travel” flags and malicious URL detection.  According to the Microsoft Threat Intelligence Cyber Signals report, BEC attacks stand apart in the cybercrime industry for their emphasis on social engineering and the art of deception. The report goes on to explain that, rather than targeting software vulnerabilities, BEC attacks exploit the daily sea of email traffic to lure victims into providing financial information or taking action which unknowingly helps criminals perform fraudulent money transfers. 
Key Findings by Microsoft Threat Intelligence Digital Crimes Unit from April 2022 to April 2023:   35 million annual BEC attempts detected and investigated  156,000 daily BEC attempts detected and investigated   417,678 unique phishing URL takedowns   38% increase in Cybercrime-as-a-Service targeting business email [2019 – 2022]   BEC threat actors increasingly purchase credentials and local IP addresses from end-to-end Cybercrime-as-a-Service (CaaS) providers to evade traditional detection methods Top Targets for BEC Attacks:   Executives & Senior Leadership   Finance Teams & Management   HR Staff with access to employee records (i.e. Social Security numbers, Payroll, and other PII)   New employees less likely to verify unfamiliar requests via email Top Trends for BEC Attacks in 2023 (January to April)   LURE attacks (Legacy URL Reputation Evasion)   Payroll/Invoice attacks   Gift Card Requests   Business Information Requests Defending Against BEC Attacks – Microsoft’s Recommendations The Microsoft Threat Intelligence Cyber Signals report discusses many best practices that organizations can implement in the fight against BEC, but their recommendations can really be boiled down into two key initiatives:     Enhancing existing defenses through AI-based phishing protection    Training employees to better spot BEC attacks in real-time
Microsoft + Tessian – Better Together Tessian’s Complete Cloud Email Security Platform is an ICES solution that defends against advanced email threats, protects your most sensitive data from being lost via email, helps security teams respond to email security incidents faster and more efficiently, all while coaching end-users to drive better security decisions in real time. Organizations leveraging Microsoft’s native email security capabilities along with Tessian find the most complete cloud-based AI-driven email security coverage for defending against BEC attacks.  Aligning with the recommendations in the most recent Microsoft Threat Intelligence Cyber Signals report, Tessian enhances Microsoft’s native email security capabilities by leveraging behavioral based AI detection for more effective prevention against social engineering attacks. Tessian also offers customizable, bespoke in-the-moment security coaching that encourages end-users to take a step back and consider the potential risks and costs associated with successful BEC attacks.  To learn more about how organizations are pairing Microsoft + Tessian for the most complete email security protection, download our Tessian + Microsoft 365 Solution Guide.  
Read Blog Post
Product Updates, Advanced Email Threats
Unlock Email Security Visibility Within Splunk
by Seema Shah Thursday, May 11th, 2023
Security teams are deploying an increasing number of security tools to defend against the rapidly evolving threat landscape and protect against data loss. Each security tool generates granular insights into a business’s cyber risks, events and incidents. Security teams at large enterprises typically manage 64 security tools on average, which leads to high overhead and little room for active investigation. Even with a comprehensive security stack, teams face increased need to gain consolidated visibility and improve their business’s cyber security posture. It is no surprise that a third of security teams (33%) feel as though they are being drained of time because of administrative tasks and 70% of SOC teams feel emotionally overwhelmed.  Cybersecurity has become a boardroom issue and needs to be communicated effectively to stakeholders throughout the business. Security teams find themselves spending over half their time producing reports across a number of different security tools in an effort to paint an accurate picture of their cyber security controls and their contribution to risk reduction.  Drowning in data?  The true value of a well curated security stack is amplified through consolidation of data from separate applications focused on specific security problems to form a holistic picture of an organization’s investment in the protection of their core assets and customers’ data.  Today Tessian has released an native application for Splunk® Enterprise and Splunk Cloud customers which allows security teams to ingest data from the Tessian Cloud Email Security Platform into their Splunk instance, enabling them to gain further visibility of security events across multiple tools in one place. As a well-established leader in Security Information and Event Management (SIEM) Splunk empowers organizations to collect, analyze, and visualize data at scale.  When customers consolidate Tessian’s email security data with other solutions within Splunk Enterprise and Splunk Cloud, it enables the streamlining of processes and workflows and provides a more contextualized and complete risk profile of their environment, down to the employee level.  The Tessian Splunk integration allows security events and more to be ingested into Splunk Enterprise and Splunk Cloud, and facilitate the following crucial use cases: Advanced threat analysis for email based attacks  Email continues to be one of the most significant risks in any organization. In 2022 phishing and business email compromise cost an organization, on average, $4.9 million per year—ten times the cost of DDOS and ransomware attacks combined.  Customers can leverage Tessian event data within Splunk Enterprise and Splunk Cloud to correlate email-based threats with other security events across an organization. Splunk collects and analyzes data from any source set up by the security teams, including network traffic, system logs, and endpoint security solutions, to create a comprehensive view of security threats. This holistic approach enables security teams to identify patterns and trends in cyber-attacks and potential risks for data loss, which can help to prevent future incidents and will accelerate diagnostics of the extent of any attack.
Unified and Customizable Reporting  The ability to efficiently monitor, analyze and correlate every data point associated with a security event in one place is instrumental to enabling security teams to take a more proactive approach to tackling the issue of advanced threats and data loss on email. A unified view of cyber risk driven by clear reporting not only saves a security teams’ time but also improves cyber risk management.  The customizable dashboard building experience of the Splunk platform provides visibility into email security events, enabling security teams to quickly identify and analyze threats, whilst factoring in insights from other security tools. The dashboards and data views can be customized to meet specific business needs such as team, business or compliance KPIs, drive boardroom conversations and tactical decision making. Tessian customers have used the Splunk platform to triage email security events, prioritizing key actions for team members to efficiently and effectively manage their operations.  Ultimately, the Tessian Splunk Integration allows security teams to:  Gain a unified view of email security data within the context of data from many different security tools to provide holistic picture of threats to the business Save security teams hours on manual reporting, giving them time to focus on actions and investigations  Mature the reporting process with customized dashboards for risk committees, insider threat programs and executive teams  Build Tessian data into security operations workflows, automating threat team notifications, incident reviews and user follow ups By combining the Tessian Cloud Email Security Platform which protects against advanced threats and data loss on email, with Splunk software’s analysis and automation capabilities, security teams can significantly raise the efficiency of their threat and risk management processes.
Read Blog Post
Life at Tessian
Tessian Launches Advanced Email Threat Response Capabilities for Security Teams
by Tessian Tuesday, April 25th, 2023
Dramatically faster solution that quickly identifies and responds to email threats through proactive threat hunting capabilities and automated response to end-user reported emails.  Quickly pivot between email events and prioritize response workflows through powerful search queries. Continuously improve prevention via a feedback loop to Tessian’s behavioral based AI detection. Boston, MA – April 25, 2023 – Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions.  Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry’s most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model.  “At Tessian, we are focused on helping our customers eliminate email based threats,” said Allen Lieberman, Chief Product Officer of Tessian. “As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations.  With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations”.  “Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis,” said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. “Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and powershell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks”. About Tessian Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.
Read Blog Post
Life at Tessian
Tessian is First Email Security Platform to Fully Integrate with M365 To Provide Threat Protection and Insider Risk Protection
by Tessian Tuesday, April 25th, 2023
First to deliver a fully integrated deployment experience of the Microsoft Graph API and M365 Add-in to protect against both email threats and insider risk Deploy complete email security in minutes via Tessian’s integration with Microsoft 365 Simplified experience for end-users with native Office 365 integration Boston, MA – April 25, 2023 – Tessian, a leading Integrated Cloud Email Security company, today announced the release of a new M365 Add-in, simplifying the deployment of the Tessian Cloud Email Security Platform. Tessian’s M365 Integration is the first to offer click-through deployment that combines both Microsoft’s Graph API and Office Add-In to provide email threat protection and insider risk protection in minutes, without the need to deploy or maintain client-side code or a gateway. Many security teams today are moving to M365 environments and trying to secure their enterprise from email threats and data loss without impacting end-user experience. Historically, legacy email security tools used time consuming and complex deployment mechanisms like client-side code and gateways. These legacy methods could cause disruption to mail flow, required ongoing maintenance, and often provided poor end-user experiences. Tessian is solving these problems by enabling the full deployment of the Tessian Cloud Email Security Platform through the combination of two native Microsoft integrations – Graph API and Office Add-In –  which are deployed via an intuitive, click-through process. Customers can deploy complete email security in minutes without the traditional deployment challenges of email disruption, ongoing maintenance, changing MX records, or client-side code and gateways. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform, which now offers a simplified deployment and better end user experience for Microsoft 365 environments. With Tessian’s M365 Integration, including the newly available M365 Add-In, customers leveraging M365 benefit from the full capabilities of the Tessian Complete Email Security Platform to proactively secure email while offering an improved experience for end-users and security teams. “Many customers are moving to Microsoft 365 for their email platform,” said Allen Lieberman, Chief Product Officer of Tessian. “Tessian is leading the way with our integration across Microsoft technologies to deliver leading cloud-based email security and insider risk protection from the same platform, deployed in the simplest way possible.”  The M365 Add-in launch accompanies the launch of Tessian Respond to deliver a complete set of cloud email security capabilities – Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach – all in a simple to deploy model.  About Tessian Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.
Read Blog Post
Integrated Cloud Email Security, Product Updates
Respond Faster. Prevent More.
by Bob Boyle Tuesday, April 25th, 2023
Tessian Complete Cloud Email Security Platform defends against inbound email threats, protects your most sensitive data from being lost via email, helps security teams respond to email security incidents faster and more efficiently, while coaching end-users to drive better security decisions When evaluating email security solutions, security professionals care about one thing over anything else: will this help us prevent more threats?  The irony is, security solutions themselves have become one of the main drivers as to why security teams aren’t preventing more threats in the first place. Legacy gateway solutions are time intensive, manual and inefficient – meaning security teams simply don’t have the time, tools or patience to effectively manage their email security posture. Security teams today often rely on rule-based prevention policies or end-user reporting to first identify email risk, and then use between 2-5 different security tools to perform investigation and remediation workflows. For every individual email threat, this process can take 30 minutes on average – and sometimes, more.  This means if an organization sees any more than 15 potential email threat alerts, one single security team member may lose a full day of work.
Between a backlog of end-user reported emails, attacks that have bypassed traditional controls and inefficient email response workflows, security teams spend too much time responding to advanced email threats. It can take days, due to archaic tooling and approval processes, for organizations to remove known malicious emails from an enterprise, exposing the company to extended risk.  In order to prevent more threats, security teams need a solution that will help them cut through the noise, enhance their risk detection, and increase their response efficiency. This is exactly why we’ve built Tessian Respond. 
Tessian Respond is the fastest solution for security teams to quickly identify and respond to email threats by offering threat hunting capabilities and the automated response to end-user reported emails. Tessian Respond makes it easy for security teams to quickly pivot between email security events and response workflows, to better understand the full scope of an attack and make an informed response decision based on the risk. 
Powerful search queries leveraging data and threat indicators from the entire Tessian platform – such as Subject, URLs, or even File Hash Values – now allow security teams to investigate if a single email alert is an isolated incident, or part of a broader attack campaign across the organization. End-user reported emails will be ingested from any existing report phish button and prioritized by highest risk using a combination of machine learning algorithms and customer defined policies. Tessian Respond automatically classifies end-user reported spam and false positives, which enables the security team to quickly focus their time on legitimate higher risk email threats.  The ability to quickly detect and identify email risk does not, however, completely solve the problem that security teams are dealing with today. In order to enable more prevention, security teams need the ability to remediate existing email threats… FAST. Tessian Respond gives security teams bulk remediation actions directly within investigation workflows to quickly remove threats from the environment and reduce the organization’s attack surface moving forward. With a continuous feedback loop directly into Tessian’s behavioral based AI detection algorithm, every email marked as malicious, reported as spam, and removed from the inbox  improves Tessian’s understanding of an organization’s normal email behavior and helps Tessian improve prevention overtime. Security teams will benefit from Tessian Respond by spending less time triaging across multiple legacy email security solutions, manually remediating email threats with PowerShell scripts, and maintaining an overwhelming list of reactive rule-based prevention policies. Tessian Respond gives security teams the freedom and flexibility they need to do what is most important to them: prevent more threats.
When evaluating email security solutions, security professionals can be confident in one thing over anything else: Tessian enables security teams to respond faster, and as a result, prevent more threats.
Read Blog Post
Beyond the SEG / Microsoft + Tessian, Product Updates
Tessian Launches Complete M365 Integration
by James Alliband Tuesday, April 25th, 2023
We are excited to announce the release of our M365 Add-In, simplifying the deployment of the Tessian Cloud Email Security Platform. Tessian’s M365 Add-In (Office Add-In) comes together with the M365 API (Microsoft Graph API) to offer the M365 Integration an industry-first click-through deployment with Microsoft 365 providing email threat defense and insider risk protection in minutes, without the need to deploy or maintain client-side code or a gateway. The decline of gateway security solutions The effectiveness of legacy approaches to email security has been in the crosshairs for quite some time, primarily due to the declining effectiveness of Secure Email Gateway (SEG) and the pervasiveness of threats hitting inboxes, with email responsible for over 90% of cyber attacks.  Now Gartner predicts that by 2025, 85% of organizations will embrace cloud-first principles. This rapid acceleration to the cloud has opened up a world of possibilities for seamless integrations with cloud security providers. Most enterprises adopt cloud-hosted productivity suites such as Microsoft 365, which natively provides SEG capabilities. But it’s more than just a duplication of capabilities. The rapid shift to the cloud and the ever-changing threat landscape has exposed a once sturdy and reliant email defense to become vulnerable and ineffective in safeguarding users and data from advanced threats and insider risks.  Today security leaders are abandoning their point solution demanding SaaS solutions that integrate with their cloud solutions—removing that once overburdening, legacy solution for a more intelligent and straightforward approach.  Rise of Cloud Email Security?
The email security market was on hold for years. But then, according to the Verizon Data Breach Report, in 2022, human error was responsible for 82% of breaches. On average, phishing and business email compromise cost an organization $4.9 million annually, ten times the cost of DDOS and ransomware attacks combined. The need for a new approach to email security is no longer a choice. These solutions have not disappointed. The Rise of Cloud API-Enabled Email Security. CAPES/ICES solutions that have capitalized on a market ready for change.  M365 Integration. Effortless for the security team. Today Tessian has introduced an Integration that places power back into the security team’s hands—integrating in seconds with your M365 environment, leaving you protected in minutes.  However, this Integration comes with a difference. As with most ICES vendors, they are integrated via a graph API into the cloud-productivity suite, focused only on threats coming into the organization. Because of this, they are still leaving the organization exposed to insider risks and sensitive data loss. They are still operating as a point solution, unable to replace legacy email controls fully.  Tessian’s M365 Integration is different. A new and simple integration consisting of the M365 API (Graph API) and M365 Add-In (Office Add-In) allows complete email protection against a wide range of threats. The Integration requires Mailbox API Connection and an XML manifest file to be uploaded to the M365 Admin center.
This deployment follows just a few simple steps: Enable connection to M365 Tenant Grant required permissions to enable email security  Add directory groups to sync  Add mailboxes by group, user, or both to protect required end-users. Download the M365 Add-In manifest file and upload it to the M365 Admin Center.
Once the API has synced and the manifest is deployed when a user next opens a supported Outlook client Tessian’s Cloud Email Security Platform protects them. What is an Office Add-In Office Add-Ins (sometimes called Web Add-Ins) allow 3rd parties to build solutions that extend to Microsoft 365 applications. These solutions can run in Microsoft 365 applications, such as Outlook, across multiple platforms, including Windows, MAC, iPad, and a browser. Office Add-Ins are deployed centrally in the M365 Admin Center and don’t involve rolling out client-side software or routing emails through a gateway. They have low management overhead, no complex configurations, and no manual updates meaning security teams can focus on what matters most—protecting their organization. Integration flows The M365 Add-In (Office Add-In) requires M365 API connections to be fully functional, which is why the M365 Integration exists. As both are required to secure an organization, Tessian has built them together to make deployment as simple and easy as possible.  This new level of protection means that when the email check process starts, the M365 Add-In intercepts the email, checks the email with the Tessian Cloud Email Security Platforms behavioral intelligence model, and then the result is returned, either allowing the email to be sent or showing a warning message to the end-user and preventing a potential data loss incident.
Mistakes happen, and end-users should know they are protected.  When end-users receive or send an email, they know an automated check will occur to prevent an advanced phishing attack from hitting their inbox. 
Likewise, when a mistake happens, such as autocomplete on an email address, an end-user is warned of the potential error to not only avoid the potential data breach, but they are coached in the moment.  If the email is okay, the email continues on to its desired destination.
The time is now Tessian is built with simplicity and speed to protection in mind. And when 82% of breaches are caused by human error, the time is now to ensure you have the best email protection deployed.  Hundreds of the world’s organizations trust the Tessian Cloud Email Security Platform, which now offers a simplified deployment and better end-user experience for Microsoft 365 environments.
Read Blog Post
Beyond the SEG / Microsoft + Tessian, Advanced Email Threats
Tessian in Action: This Attack Got Through a SEG and M365, but Not Tessian.
by Tessian Threat Engineering Group Tuesday, March 28th, 2023
Cyber attacks are getting more sophisticated and more targeted. In this Tessian in Action update we explore how an attack got through legacy security solutions, but not Tessian.  Legacy security solutions just aren’t able to combat advanced threats over email the way that Integrated Cloud Email Solutions can. At Tessian, we’re seeing more and more attacks bypass traditional secure email gateways only to be stopped by our platform. The attack below sailed right through the client’s SEG and their Microsoft 365 defenses, only to be flagged by Tessian. The client, a medical firm, handles highly sensitive data and personal identifiable information. Fines from PII data breaches can be huge. In February 2023 Arizona-based Banner Health was fined $1,250,000 following a 2016 breach.
The target of the attack The attackers had clearly done their research, as this attack was specifically targeted at the client’s Chief Legal Officer, and one other senior member of the legal team. They were both targeted with a malicious URL sent from a look alike domain. The timing of the attack was 12-1 UTC, which was in the morning of the client’s location, perhaps in an attempt to catch them early and be top of their inbox.  Stopped dead in its tracks This attack was able to get past the client’s SEG and MS365 but Tessian flagged it as an impersonation attack. Tessian also identified the URL as malicious, and the fact it was a first time sender. Tessian’s Behavioral Intelligence models detected additional anomalies increasing our confidence score to 100/100. Consequently, this email never reached either of the recipients. The security team at the organization are well aware that attacks against their exec team can have devastating consequences. In fact, the security team that highlighted this attack to Tessian are highly active with the Tessian portal, and so quarantined it themselves, but had they not, Tessian Defender would have hard-quarantined this email or displayed a warning message to end users, coaching them and raising their security awareness ‘in the moment’.  It’s situations exactly like this that more and more firms are facing. Tessian was built exactly to stop these kinds of highly targeted attacks that slip by existing and legacy solutions. If you’d like to see how Tessian can better protect your organization, find out more with our Microsoft + Tessian Solutions Guide.
Read Blog Post
Advanced Email Threats
Tessian in Action: Phishing Attack Sends Credentials to Telegram
by Tessian Threat Engineering Group Monday, March 27th, 2023
Contributors : Catalin Giana & Razvan Olteanu In this example of Tessian in Action members of our Threat Intel Team saw this Microsoft credential attack target several of Tessian’s customers. There are four interesting things to note in this attack.  There was a zipped set of password instructions attached Within that was HTML that hid obfuscated Javascript which forwarded to a credential harvesting site The attack had a custom sender name for each individual attack Any successfully captured credentials were forwarded to Telegram. Here’s how the attack sequence worked. The email came as a Microsoft impersonating campaign with a zip file attached containing password instructions. Much like a sealed present, the hope was that the user would unpack the zip file to see what was in it, believing it to be legitimate.  
The copy in the email backs this up by specifically asking the user to unzip and follow the instructions within. There’s also an implied sense of urgency about the account expiring in the next 24 hours, which is further encouragement for the user to act.  It’s worth noting the ‘in the moment’ warning provided by Tessian at the top of the email here. Tessian adds custom warnings like this to Outlook (it looks a little different for gmail) to provide ‘in-the-moment’ security awareness for end users. Depending on how you have Tessian configured, and what our confidence score of threats are, we can either hard quarantine (as we did in this case) or add a warning and release to the user. You can see more on how Tessian protects against threats like these here. Upon downloading and unzipping the archive the team found malicious HTML. When executed it shows that it loads something from Microsoft Sharepoint which finally redirects to a Microsoft login phishing page.
Adding user credentials causes a script to execute which then queries ipinfo.io, to determine the IP address. It then attempts to pass the response along with the password entered directly to a telegram group using Telegram’s api.
Let’s look now at that HTML in detail.  Original form: The html contains multiple chunks of base64-encoded Javascript that needs decoding manually and concatenating in order to find the original script. Doing that reveals a new obfuscated Javascript that is hex-encoded and has appended some base64 code at the end.
After removing the hex code character and adding all the other base64 encoded chunks the original script looks like this.
Read Blog Post
Beyond the SEG / Microsoft + Tessian, Threat Stories, Advanced Email Threats
Tessian in Action: Microsoft Credential Scraping Attempt
by Tessian Threat Engineering Group Monday, March 20th, 2023
Recently Tessian’s Threat Engineering Group identified an emerging threat detected by Tessian Defender targeting around 45 of our customers. The campaign was an email credential harvesting attack and was not detected by Microsoft Exchange Online Protection (EOP) when the attack began.  Anatomy of the attack The attack email was able to bypass legacy security solutions, like secure email gateways, as well as Microsoft 365. Let’s explore some of the reasons why it was able to do that: Firstly, the email was ‘sent’ by Amazon Simple Email Service (SES), which is a common tool leveraged by attackers to send automated attacks. However, the display name impersonated the company being targeted, no doubt attempting to add legitimacy, • The display name was actually dynamically generated, taking the first three letters of the recipient address and pretending to be the company name. • This is done to avoid basic aggregation and detection methods by secure email gateways and native security controls of email providers. • Looking at the subject of the email, it’s fairly innocuous, and again a rule in a SEG to flag the word ‘payment’ would trigger hundreds of false positives. • Finally, the body of the email itself is benign, simply stating “Please consider the environment before printing this email”. If anything, the attack attempt is a little too spartan in content, which might have raised suspicions in the user that received it.
Let’s now look at the HTM attachment, which contains JavaScript, which is encoded (below)
And when decoded twice it looks like this. Note that some of the content is still encoded.
All this encoding and obfuscation is attempting to hide the fact that the script redirects the user to a credential harvesting form. The form is hosted on a domain registered one day before the first phishing email was seen on the Tessian network. What’s more, to add legitimacy, the customer’s logo is hosted at the top of the form. Remember, this attack went to several organizations, so the logo must be dynamic. It’s therefore likely that it was scraped by the attacker using automated tooling. The user the “username” field is already pre-populated with the recipient’s email address. Again, adding legitimacy and lower the amount of effort for the recipient to share their password. Finally, when the password is entered, it is posted to a PHP script hosted on the same domain.
How did Tessian Defender detect this threat? So how did Tessian Defender stop this threat when SEGs and Microsoft 365 didn’t? Well, as well as detecting unusual file characteristics, Tessian’s Behavioural Intelligence models detected additional anomalies increasing our confidence score to 100/100. They are as follows:   The recipient company name was used in the display name.  The recipient has no historical relationship with the sender. Multiple emails were sent to each customer in a short period of time, to unconnected employees, this is known as a bust attack.  Tessian’s Natural Language Processing (NLP) models classified the email as being payments-related Depending on the specific customer configuration, Tessian Defender either hard-quarantined this email or displayed the following warning message to end users, coaching them and raising their security awareness
Indicators of Compromise (IOCs) Tessian Threat Engineering Group reacted to add the below IOCs to the Tessian Unified Threat Interface. We recommend readers do the same Sender Address: jorgezamora@powderiverdev[.]com Credential Harvesting Site Domain: https://emdghouseltd4[.]pro
Contributors: Ed Bishop and Catalin Giana.
Read Blog Post
Beyond the SEG / Microsoft + Tessian
Tessian Recognized as a Representative Vendor in the 2023 Gartner® Market Guide for Email Security
by James Alliband Monday, March 20th, 2023
Tessian is honored that Gartner has recognized us as a Representative Vendor for Integrated Cloud Email Security (ICES) in the 2023 Market Guide for Email Security. Within the report, Gartner recommends that security and risk management leaders should: “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.” According to the report, “The migration to cloud email platforms continues along with a significant increase in the number of phishing attacks.” Further in the report Gartner states, “Impersonation and account takeover attacks via business email compromise (BEC) are increasing and causing direct financial loss, as users place too much in the identities associated with email, which is inherently vulnerable to deception and social engineering.” The report informs its readers, “email continues to be a significant attack vector for malware and credential theft through phishing. An estimated 40% of ransomware attacks start through email. Cloud adoption continues, with an estimated 70% using cloud email solutions.  
Gartner recommends that security and risk management leaders responsible for email security should:  Supplement the native capabilities of your existing cloud email solutions with third-party security solutions, to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.  Use email security solutions that include anti-phishing technology for targeted BEC protection that use AI to detect communication patterns and conversation-style anomalies, as well as computer vision for inspecting suspect URLs. Select products that can provide strong supply chain and AI-driven contact chain analysis for deeper inspection and can detect socially engineered, impersonated, or BEC attacks.  Prioritize integration of email security solution APIs to enable integration of email events into a broader XDR or security information and event management (SIEM)/security orchestration, analytics and reporting (SOAR) strategy.
While email security has come a long way since its inception around 2000, the greatest external threats facing on-premise mail servers at the time were bulk unsolicited mail and spam. But today, the world has changed. As Gartner refers to in the report, now an estimated 70% of organizations are using cloud email solutions. This rapid shift to the cloud has opened up a new threat to landscape security. Risk management leaders must uncover and learn how to protect themselves from it. Regarding email, the effectiveness of safeguarding this unsolicited domain has been in the crosshairs for quite some time. Today email is the entry point responsible for over 90% of cyber attacks.   
But why is this the case?  The rapid shift in moving to the cloud allowed cyber criminals a huge opportunity; an opportunity grabbed with both hands. Email security, while being in the crosshairs, has been largely untouched for many years. Organizations holding significant investments in their Secure Email Gateway (SEG) protect their internal network from the outside world. Still, it isn’t as though these solutions deteriorated overnight, but the world around them did. Secure Email Gateways were built to address security concerns in a forgone, cloud-adverse world. They were once the gold standard in email security. But the rapid shift to the cloud and ever-changing threat landscape exposed this once sturdy and reliant email defense to become vulnerable and ineffective in safeguarding users and data from advanced threats and insider risks.  Further to this, Microsoft and Google have pressured this space. Now offering overlapping capabilities of a Secure Email Gateway (SEG) solution within the cloud productivities platforms allowing organizations to streamline their email security approach, simplify their security stack and reduce cost and complexity. But while this is a positive for security and risk management leaders, Gartner states in the report that “threat actors are also getting more sophisticated, often targeting the end users using fake login pages as a way of harvesting credentials. Sophisticated email threats include compromised websites and weaponized documents used to deploy malware. Many ransomware-as-a-service gangs use email as the initial entry point. Beyond malware, business email compromise and account takeover threats continue to rise, with significant financial losses as a result”. 
Combatting this new wave of attacks  Now it is recommended to consolidate overlapping gateway capabilities into Microsoft 365 to help CISOs reduce cost and complexity while cautioning that CISOs should carefully evaluate the native capabilities offered by cloud email systems and ensure that they are adequate to prevent a sophisticated attack. An argument can be made that “complexity” remains at the heart of Microsoft’s licensing model. Microsoft has numerous packaging options, bundles, and add-ons. Knowing where they differ and overlap is vital to understanding what you have access to today and effectively leveraging native security capabilities to secure your email environment.
At Tessian we believe that organizations need to go beyond their SEG and that a Microsoft + ICES email security stack is the future of email security. Gartner recommends that to combat this new wave of attacks, email security solutions need to use a variety of more-advanced detection techniques, including, but not limited to, Natural Language Processing, Natural Language Understanding, and Social Graph Analysis. Gartner states, “ICES solutions go beyond simply blocking email by adding context-aware banners warning users. This means that the threshold for false positives can be higher and can also reinforce security awareness training. Often, a mechanism for reporting phishing is included, either as part of the email client or as another banner inserted into the email body.” Microsoft + Tessian = Comprehensive security This is where an intelligent cybersecurity solution like Tessian Cloud Email Security Platform comes into play, providing advanced email threat protection and insider risk protection on email. With Tessian, no mail exchange (MX) records need to be changed. Tessian can construct a historical user email pattern map of all email behavior in the organization. The algorithm can then detect and prevent threats that Microsoft or SEGs have failed to detect. 
This dynamic protection improves with each threat that is prevented. Unlike the in-line static nature of SEGs, it ensures 24/7 real-time protection against all attack vectors, including insider threats. That is why the leading enterprises opt to displace their legacy SEG and augment Microsoft’s native security capabilities with Tessian. Gartner, Market Guide for Email Security, Ravisha Chugh, Peter Firstbrook, Franz Hinner, 13 February 2023 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Read Blog Post
Attack Types, Threat Stories, Advanced Email Threats
Dozens of SVB and HSBC-themed URLs Registered
by Tessian Threat Engineering Group Wednesday, March 15th, 2023
As we explored 48 hours ago, the recent turbulence in the banking sector provided a potential opportunity for threat actors to launch attacks. So it comes as no surprise that we’re starting to see domains spun up for just such purposes. Tessian’s Threat Intel Team have been monitoring the situation as it unfolds, and found that multiple domains featuring both SVB and HSBC were registered. Malicious domains are being added to Tessian’s Unified Threat Feed to proactively protect our customers from future phishing attacks. What is interesting about this is that some are for legitimate, if a little unorthodox, activities like driving traffic, marketing and selling merchandise. It’s in this ‘fog of war’ that bad actors like to hide, and clearly some have been registered with attacks in mind. So let’s look at those first.  Siiiconvalleybank[.]com and siliconvalleybonk[.]com have clearly been set up to launch impersonation attacks, hoping people don’t notice those typos in the URLS. Other examples include myaccount-hsbc[.]com and thesiliconvalleybank[.]com. Meanwhile Svb-usdc[.]com and svb-usdc[.]net are both already set up to launch phishing attacks.
Google is already blocking these and alerts any visitors to that effect. Exploring beyond that warning reveals a ‘lookalike’ site offering a reward program and clicking ‘claim’ opens a QR code.
Fake URLs to drive traffic Some of the newly registered URLs are also being used to drive traffic. hsbcinvestdirect.co[.]in uses HSBC brand in order to gain more traffic for an Indian-based website with adult content. Meanwhile SVBlogin[.]com loads up All Day Capital Partners website offering to ‘help’ SVB customers. Many of the others are cybersquatting, no doubt hoping to sell on, while others registered but don’t contain any content or redirect, as if waiting to see how things pan out. Perhaps one of the oddest is svbbankrun2023[.]com, which hosts a merchandise shop selling SVB-themed items.  
Tessian Recommends: The following list should be used as a blocklist at your own risk, but we advise adding the newly registered domains on a watchlist for monitoring purposes. Here’s a full list of SVB and HSBC URLs we’ve documented so far.    Hsbcsvb[.]com Siiiconvalleybank[.]com Login-svb[.]com Svbankcollapseclaimants[.]com Svbankcollapselawsuit[.]com Svblawsuits[.]com Hsbcinvestdirect.co[.]in Svbanklegal[.]com Svbankcollapse[.]com Svbankcollapseclaims[.]com siliconvalleybankfilm[.]com siliconvalleybankcrash[.]com siliconvalleybankcollaps[.]com siliconvalleybankcolapse[.]com siliconvalleyfederalbank[.]us silliconvalley[.]ink siliconvalleyfederalbank[.]net siliconvalleybank-usdc[.]com siliconvalleybonk[.]com ziliconvalley[.]sk siliconvalleybankcustomerservice[.]com siliconvalleybankhelp[.]com siliconvalleyentrepreneursbank[.]com siliconvalleybankcreditors[.]com siliconvalleyentrepreneurbank[.]com siliconvalleybankclasaction[.]com wwwsiliconvalleybankclassaction[.]com siliconvalleybankfailures[.]com siliconvalleybanksettlement[.]com siliconvalleybank[.]xyz siliconvalleybank[.]lol siliconvalleyfederalbank[.]biz siliconvalleyfederalbank[.]lol siliconvalleybankmovie[.]com siliconvalleybank[.]biz siliconvalleybn[.]com siliconvalleybanklawsuit[.]com siliconvalleybankclassaction[.]com siliconvalleybankreceivershipcertificate[.]com siliconvalleybankcollapse[.]com siliconvalleybust[.]com svbbankrun2023[.]com svbalternative[.]com svbankclassaction[.]com svbanklawsuit[.]com svb-cash[.]com svbfdic[.]com svbwiki[.]com svbcollapseexplained[.]com banksvb[.]com svbdeposit.fyi svbcollapse[.]net svbbailout[.]org fucksvb[.]com svbcoin[.]xyz svbchain[.]xyz svb-usdc[.]com svb-usdc[.]net svbfailure[.]com svbopenletter[.]com svbplaintiffs[.]com svbinfo[.]com svbbankrun[.]com svbrecovery[.]com svbmeltdown[.]fyi wefundsvbclients[.]com svbreceivership[.]com svblogin[.]com svbcollapse[.]com svbclaim[.]com svbdebt[.]com svbclaims[.]net svbbailout[.]com svbi[.]io svbank[.]com hsbcbdubai[.]com hsbc079[.]com hsbc757[.]com Hsbc736[.]com hsbc119[.]com hsbc719[.]com hsbc938[.]com Hsbc891[.]com Hsbc-premium[.]com Hsbckyc[.]com Hsbclogin[.]co Myaccount-hsbc[.]com Thesiliconvalleybank[.]com 1svb[.]com Circle-svb[.]com Svb2023[.]com Svbgate[.]com Svbtoken[.]com Svbnfts[.]com whatissvb[.]com
Read Blog Post
Attack Types, Threat Stories, Advanced Email Threats
The Current SVB Banking Crisis Will Increase Cyberattacks, Here’s How to Prepare
by Tessian Threat Engineering Group Monday, March 13th, 2023
The recent banking turmoil involving Silicon Valley Bank and Signature Bank sent shockwaves through technology firms globally as they scrambled to transfer their capital, secure payroll, and pay their bills. However, this mass changeover in banking details is exactly the situation that breeds targeted cyberattacks. Although the swift intervention of The Federal Reserve, The Bank of England, HSBC and others helped calm the liquidity crisis, a cyber threat crisis is likely now brewing as threat actors spin up a host of impersonation attacks and campaigns. The Tessian Threat Intel Team has already seen dozens of SVB and HSBC-themed URLs registered, some of which are used to launch phishing campaigns. 
Money, distraction, urgency Bad actors are driven by money. And there is a lot of money at play with this crisis. The streaming firm Roku indicated it has about $487 million in deposits at SVB. They are likely making changes now to diversify where they deposit this money and, accordingly, updating wiring instructions to reflect these new banking relationships. In their Q4 Risk Insights index, Corvus Insurance indicated 28% of all claims in Q4 2022 were due to fraudulent funds transfers. Threat actors relish the confusion and rapid changes that come with a crisis like this. The sheer number of updates to wiring instructions increases the chances that standard operating procedures around changing wiring instructions are ignored. Common operating procedures around changing wiring instructions might include (a) verifying the authenticity of each request by calling the person (using a known, existing phone number, not one provided in a new email) (b) implementing a call-back verification system for each vendor when any wiring instructions are changed, and (c) implementing dual control and multiple “eyes” on every wire change request. Tessian is already seeing genuine email traffic related to changing wiring instructions and expects to see advanced attacks leveraging this crisis soon. Finally, the scale of this crisis is huge and information about it is widespread. There are a large number of affected entities – Reuters published a list detailing not only the firms affected but their financial exposure – ensuring a target rich environment for the bad guys.
Fraudulent (and genuine) wire transfers The top 2 common attack vectors with fraudulent funds transfers are (1) impersonation attacks and (2) targeted phishing attacks. In an impersonation attack, the bad actor impersonates someone or some company that is known to the organization. They will typically do this by registering a new domain name that is largely similar to the targeted company’s domain.
In this example, the attacker registered a new domain name (salesciricle-receivables.com) which looks similar to salescircle.com. They are reaching out to the finance department at Acme to request a change in bank accounts for future payments. Sophisticated attackers will conduct research using publicly available information (10-K annual reports, LinkedIn blog posts, LinkedIn connections to the CFO or Accounts payable personnel, and any website mentions) to build a convincing approach.  A targeted phishing attack would use similar impersonation methods while attempting to gain access – either electronically with a username and password or via socially engineered approach – to implement a fraudulent funds transfer. In the below example, the attacker is impersonating a known, trusted domain and attempting to gain access to an accounts payable employee. 
Recommended next steps Tessian’s Threat Engineering teams are monitoring our datasets closely for emergent threat signals and updating Tessian’s Global Threat Library and Behavioral Intelligence Model in response. Our existing Defender customers will automatically benefit from this protection. In addition, we are recommending the following steps to further protect our existing customers: Deployment hygiene: review your deployment coverage to ensure Defender’s protection is configured to apply to all mailboxes on all devices. Schedule a deployment health-check.  Enable warnings for money requests: for additional protection, Defender Customers can leverage Defender’s Custom Protection to detect and warn users when an email “requests money”.  Reinforce approval processes: work with your finance teams to revise and review your payment approval workflows, and consider adding an additional internal verification layer to account for the increased risk 
How Tessian stops wire fraud attacks Built ready: The SVB crisis and other events like this are exactly the sort of thing Tessian was built to handle. Tessian covers fraudulent fund transfer attacks and other scenarios that are difficult to detect and that are often missed by legacy email security tools. Tessian is built to detect and prevent any variations of wire fraud attacks.
Spotting imposters: Tessian catches thread hijacking attempts by looking for subtle indications of domain spoofing and small changes in behavior that suggest the sender isn’t who they say they are.  Custom protection: All Tessian customers have access to an additional layer of protection that allows them to educate users at the point of receiving a suspicious email including those involving fraudulent funds transfers. Defender’s Custom Protection gives organizations an additional layer of security by alerting users when an email triggers specified conditions. This provides further fine tuning around threats specific to your organization or specific groups within your organization.
Proactive defense: As this situation evolves, Tessian’s Threat Engineering Team are closely monitoring incoming emails for new phishing tactics and upward trends in existing ones, continuously improving the breadth and accuracy of the protection we provide to our customers. Our threat intelligence team can also respond to new phishing campaigns in a matter of minutes by updating our global threat library, ensuring that all of our customers are protected against malicious sender domains and URLs. Guidance: While we may see more basic attacks leveraging the SVB crisis initially, threat actors will quickly evolve in sophistication to take advantage of the sheer volume of wire changes occurring to better target organizations. Legacy email security tools that use rules and policies are more likely to miss these attacks or report large numbers of false positives. Tessian’s guidance to our customers and anyone else is to expect a significant uptick in volume and in quality (more convincing) attacks on your employees over the coming weeks and months. See Defender in action (video) or request a free trial of Tessian to start detecting wire fraud attacks today.
Read Blog Post