Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Live Webinar | Ready to Supercharge Your Microsoft Environment? Yes, sign me up!

Threat Intel

Tessian Threat Intelligence and Research team uncovers trends and insights in email security related to phishing, social engineering, and more. Learn more!

Threat Intel
US Legal Education Provider Spam Campaign Detected
By Charles Brook
11 June 2021
Overview Time period: March 2020 – May 28, 2021 Number of emails sent: >405,000 Subject lines used: 5,881 Mailboxes targeted: 2,099 Sender domains used: 821 Tessian’s Research & Intelligence team have identified a pattern of suspicious email activity across the Tessian platform, originating from a US-based online “leader in legal education”. The first email campaigns were detected in early 2020. In every campaign, the organization appears to be promoting discounts on educational courses or new curriculum. New domains – our team has observed 2-3 new domains appearing per week – were used to evade spam filters and SEGs. Who was targeted? Over 10% of our customer base received one of the campaigns from this legal education firm. 65% of the targeted customers are in the Legal sector; 25% are in Financial Services. Almost all targeted customers are US-based. Nearly every customer has a legacy Secure Email Gateway (SEG) and Tessian Defender as part of their inbound email tech stack. These emails bypassed the SEGs, but were flagged as potentially malicious by Tessian Defender.
One single law firm received an astounding 280,000 emails from this organization in a little over a year. Other Tessian customers received several hundred to thousands in the same time frame. Normally high-volume campaigns like this are not very targeted or customized to the recipient. In this case, the sender has taken a scatter-shot approach with the hope that a fraction of the recipients engage. Even if these emails are not malicious, they are certainly a nuisance – especially for busy attorneys.   What was the angle? Nearly 6,000 subject lines were used in these email campaigns. Notable themes and keywords include: Coronavirus / COVID-19 Cryptocurrency, Blockchain, Bitcoin and Smart Contracts AirBnB & Short-Term Rental Law Marijuana, Hemp and Cannabis Law  Judgments & Asset Protection Uber, Lyft & Ridesharing law Discounts Last/final day to register It appears that they are attempting to capitalize on new or trending legal topics, which could be particularly relevant to law firms and financial services institutions.
Suspicious, not necessarily malicious  While this legal education provider may be a legitimate organization, their website is insecure (no SSL certification, no padlock icon), and more importantly, the way they are building and distributing these email campaigns is suspicious; their tactics mimic those deployed by cybercriminals to evade defenses. For example, the emails are often sent from a recently registered domain by a sender the recipient will probably not have seen before. These are two key indicators that trigger Tessian Defender. In a little over a year, the legal education provider registered over 800 domains; sent emails from over 825 email addresses; and used about 20 different display names. This sort of behavior indicates that they were deliberately crafting emails to bypass rule-based filtering. [Read more about display name and domain manipulation.] Why? Once a domain has developed a reputation for spam, then it can be added to a spamming blacklist, which will be a significant factor considered by spam filters.  Registering a new domain with a fresh or unknown reputation is the easiest way to get around this. This is not dissimilar to how hackers create phishing attacks.  The emails often also contained a sense of urgency to bait the recipient into buying or signing up to something while a certain discount is still available. Urgency (i.e. “Last day to register”) is another technique regularly employed in phishing emails. Most of the URLs in the emails pointed to a legitimate website called Constant Contact (an email marketing tool). What can you do about it? General guidance  Limit how far you share your email address across the internet. Keep it private unless it is essential to share it. Do not click on any links in spam emails as they could be malicious. Mark it as spam or move it to your spam/junk email folder to help train the spam recognition algorithm. After marking it as spam, delete the email from your spam/junk folder. If you’re a Tessian customer Review attacks in the Tessian portal and add senders to a denylist to be blocked before reaching inboxes in the future.  Review attacks in the Tessian portal and remove emails from employee inboxes.  Use the Human Layer Risk Hub to understand which employees are most at risk of phishing; then notify them individually or create customized warnings to educate them about the risk. The primary way for avoiding spam is to limit how much you share your email address across the internet. Be cautious of who and what services you sign up to with your email address – whether it’s your personal or business email address. Some services may willingly sell your information to spammers or marketers. The key difference between marketing emails and spam is that marketing emails should only be sent to emails that have consented to receive them. To comply with regulations like GDPR and CCPA, marketing emails must also provide an easy way to opt out of future emails, for example, by including an unsubscribe link or button in the email. Last but not least, if you’re a lawyer, always make sure the provider and courses of legal training are accredited. 
Threat Intel
Analysis of Executive Impersonation Burst Attack
By Charles Brook
24 May 2021
Overview Industry: Legal Size: 5,000 employees Platform: O365 In May 2021 Tessian Defender flagged a series of emails sent to a global law firm. The emails were attempting to impersonate a senior partner at the firm and targeted a list of other partners. Reconnaissance  The firm being targeted by the attacker operates globally, but the senior partner they were impersonating was based in Australia. All employees targeted in the attack – including their contact details – are featured on the firm’s website. Eleven partners were targeted by the attacker. All of them were also based in Australia, indicating the attacker spent time considering who to target based on what they were able to learn from reconnaissance activities against the individual they wanted to impersonate. It is likely they chose targets they assumed would be in regular contact with the senior partner at the firm. The attacker had registered an email address with Gmail containing the word “partner” at the beginning followed by a series of numbers. They also changed the display name associated with the address to match the name of a senior partner at the firm they were targeting. Attack Deployed In the email sent, the attacker asked questions about the targeted recipient’s availability, implying that part of the intention was to establish a dialog for social engineering. From the email headers, it also appears that the email was sent from a mobile device.  There were no links or attachments included in any of the emails. It is likely the attacker was hoping to receive a response from any of the 11 targeted partners, with the intention of building a rapport and then socially engineering them into carrying out actions on the attacker’s behalf; for example, giving up sensitive information or unwittingly compromising the firm’s network infrastructure by further directing them to a malicious link or attachment.  Threat Detected and Prevented At the time the emails were sent, Tessian Defender was being trialed at the firm across a subset of users. Two of the users who received the email had Defender installed. For both users, Defender flagged the email as a possible impersonation of someone else at the firm based on the display name, and warned them there was something suspicious about it.
Both users who received the notification from Defender marked the email as malicious, which subsequently alerted the security team.
This attack was not particularly sophisticated but could have easily gone unnoticed by busy employees – especially if viewed on a mobile phone, where sender addresses are often not visible. More importantly, this rudimentary attack was not detected by the firm’s Secure Email Gateway.  Tessian Threat Intelligence in the portal drew the security team’s attention to the suspicious indicators: “first time sender” – the recipients had never been emailed by this sender before Keywords like “are you available” were highlighted; which coming from a first time sender signals risk After the security team investigated the threat, they notified the other targeted users in the firm and the incident was resolved without any damage being done. 
ATO/BEC Threat Intel
How Cybercriminals Exploited The Covid-19 Vaccine Roll-Out
By Tessian
10 May 2021
The National Cyber Security Centre (NCSC) recently revealed that it removed more online scams in 2020 than in 2016-2019 combined, due to a surge in malicious activity related to the Covid-19 pandemic.  In a report published by the NCSC’s Active Cyber Defence program, it’s revealed that more than 120 phishing campaigns in which the NHS was impersonated were detected in 2020 – up from 36 in 2019. The lure commonly used in these scams? The vaccine roll-out. How have cybercriminals taken advantage of the Covid-19 vaccine? Tessian researchers have been monitoring phishing campaigns related to the vaccination roll-out since the start of 2021, and their findings clearly demonstrate how quickly cybercriminals will jump on milestone moments to craft convincing scams.  In fact, in the week commencing January 4th 2021, Tessian data shows that the number of scam emails related to the vaccine was 188% higher than the weekly average of such scams detected in 2021. It was during this week that the UK began distributing the AstraZeneca/Oxford vaccine. Our researchers also saw significant spikes in suspicious emails related to the vaccine during the: Week commencing 25th January, when the Biden administration promised to have enough coronavirus vaccine for the entire US population by the end of summer. During this week, the number of suspicious emails relating to vaccines increased by 585% compared to the previous week.  Week commencing February 8th, when U.S. government officials announced that around 1 in 10 Americans had received the first dose of the two-part Covid-19 vaccine. The number of suspicious emails was 148% higher than the weekly average of vaccine related scams detected by Tessian in 2021.  Week commencing February 15th, when G7 countries pledged $4 billion to global Covid-19 vaccine initiatives. Suspicious emails related to the vaccine were 133% higher than the weekly average.  Week commencing March 1st, when President Biden announced that vaccines will be available for every US adult by May. The number of suspicious emails related to vaccines during this week were up by 161% compared to the previous week.  Now that the vaccine roll-out is well and truly underway, with many people having received both doses of the jab, Tessian researchers reported a significant drop in the number of scams. This a clear indication that hackers were responding to hot topics in the news to apply a sense of urgency and timeliness to their malicious campaigns.
Why are these phishing attacks so effective?  After a year of stress and uncertainty, people were desperately waiting for the vaccine roll-out. People urgently wanted to find out things such as when they will get the vaccine, where they can receive the jab, and many more wanted to research and understand potential side effects.  In response, cybercriminals capitalized on people’s desire for more information. They created fake websites, in which people were lured to via phishing scams, and tricked their targets into sharing personal or financial data in exchange for the information they were looking for. Tying their campaigns to timely moments in the news added another layer of urgency.  In fact, additional Tessian research revealed that a significant of website domains related to the Covid-19 vaccine were registered in the early days of the roll-out, with over 2,600 new website domains being created between 5 December 2020 and 10 January 2021. Many of these domains impersonated legitimate healthcare websites, touted misinformation around injection side effects, and falsely claimed to offer guidance around timing and logistics of distribution. The reason why these phishing scams are so effective is because hackers use techniques to prey on people’s vulnerabilities during times of crisis. In a report we published with Jeff Hancock, Professor of Communication at Stanford University and expert in trust and deception, he said, “when people are stressed and distracted, they tend to make mistakes or decisions they later regret.”  What does a vaccine scam look like?  Oftentimes, cybercriminals impersonated trusted healthcare organizations or government agencies to trick their victims into thinking they’d received an email from a legitimate source, as shown in the example below. 
In other examples detected by Tessian, bad actors would impersonate Human Resource departments, urging staff to click on links or download malicious attachments that supposedly contained information about the vaccine roll-out and/or infected employees. Below is an example received by a global financial services enterprise, and detected by Tessian Defender. In this case: The attacker registered a domain to impersonate an outsourced Human Resources function in a phishing email.  The phishing email used Covid-19 as the theme and used fear and urgency tactics to announce an “Covid-19 Emergency”, seemingly providing a list of known infected persons.  The aim of this was to encourage those who received the email to click a link to a PDF which claimed to contain information about the emergency and a list of infected individuals.  The attacker used the name of the financial services organization in the name of the file which was linked to in the URL. This implies that this attack was highly targeted; the recipient would assume that the link was legitimate.  It’s likely that the PDF linked to in the URL would have contained malicious macros designed to infect the target’s device. 
How to spot a Covid-19 scam Always be wary of emails purporting to come from healthcare organizations asking you to click on links to ‘find out more’. Always check the sender name and address, particularly if you have received an email on your phone in order to verify the sender’s identity. It’s also important to question any websites that request personal data. Domains that spoof government healthcare websites, like the Centers for Disease Control and Prevention (CDC) are especially dangerous, as cyber criminals could potentially steal extremely sensitive information such as Social Security numbers and health information like insurance or medical history details.  At a time when phishing scams are only growing in frequency and sophistication, always think twice before entering your personal information online and remember, if it doesn’t look right, it probably isn’t. Remember, you can always verify any question by contacting the sender directly, via another means of communication, to check it’s the real thing. 
Threat Intel
Vendor Email Compromise: Analysis of an Account Takeover Attack
By Charles Brook
28 April 2021
Overview Industry: Construction Size: 500 employees Platform: O365 In March 2021 Tessian Defender flagged an email received by one of our customers from one of their trusted vendors. The vendor had suffered from an account takeover when an attacker used compromised credentials to login to the mailbox of one of their employees and send out malicious emails.  Targets Identified With access to the vendor mailbox, the attacker was able to identify all organizations or individuals they had regular correspondence with. The attacker identified a list of 6 high-ranking employees – including the CEO and their PA –  who were part of an organization the employee had regular correspondence with. This organization – a construction firm – happened to be a Tessian customer running Defender across their mailboxes. Attack Deployed The attacker sent an email to their targeted list of recipients from the compromised account. This email contained a message outlining a request for proposal for a piece of work. The email also contained embedded links to a file sharing location hosted by, which the recipients were encouraged to click on to see full details of the request.
Threat Detected In addition to Tessian Defender, the targeted firm has in place another major phishing detection and response platform, as part of their email security stack. The account takeover attack was only flagged by Defender. Defender flagged this email as a possible account takeover attack by identifying 2 significant abnormalities. While the email did come from a trusted sender, what appeared to be out of place was that the email had been sent from a client IP address located in Miami, Florida, which is not a location the sender was known to have previously operated from. (The vendor is based outside the US.) Additionally the file sharing site – – was not a tool the sender was known to use.
The recipients of this email saw the warnings generated by Defender and, fortunately, marked them as malicious, which alerted their security team. The security team was then able to act on the attack. They contacted the real owner of the sending email address by phone to verify the legitimacy of the email and inform them their account may have been compromised. Minimizing fallout This attack could have been much worse had it not been for Defender flagging the malicious email, which could have otherwise gone unnoticed as it was sent from a trusted email address. The warning message displayed to the recipients successfully nudged them into treating the email with caution and raising it to the security team.  Most significant is that the security team on the recipient side went the extra mile to notify the owner of the compromised account. This enabled the security team on the sender’s side to quickly take the following remediation actions: Identify and notify any other organizations that were targeted by the attacker Secure the compromised mailbox and reset the credentials As a result, the attacker was prevented from sending malicious emails to any other target organizations. 
ATO/BEC Threat Intel
Cybercriminals Take Advantage of Mass Unemployment in Phishing Scams
By Charles Brook
07 April 2021
The global COVID-19 pandemic has wreaked havoc on job markets. In the US, the unemployment rate stands at 6.2 percent and in the UK, it’s estimated that around 2.2 million people, or 6.5% of all workers, could be unemployed at the end of the year.  Cybercriminals are taking note.  When Tessian researchers analyzed suspicious emails relating to ‘unemployment’ and terms associated with unemployment that were flagged by our inbound solution Tessian Defender, they saw a notable spike in suspicious emails related to unemployment and COVID-19 in the week of 24th February – the week in which President Biden announced the third round of stimulus checks, which would send billions of dollars to people without jobs. Our researchers also noted a spike in suspicious activity during the week of 8th March which is when COVID-19 the stimulus checks started being received. They found that: In the week of 24th February, the number of suspicious unemployment and COVID-19 related emails was 40% higher than the weekly average of such emails detected since the start of 2021. The number of unemployment themed emails alone was 16% higher than the weekly average. In the week of 24th February, the number of unemployment and COVID-19 related emails was 50% higher than previous week.  In the week of 8th March, the number of suspicious unemployment and COVID-19 related emails was 51% higher than weekly average recorded since the start of 2021. The number of unemployment and COVID-19 related emails detected during this week was 69% higher than the previous week.  Over the last 12 months, cybercriminals have capitalized on the fear, uncertainty and doubt created by the global pandemic to make their scams as believable and convincing as possible. At the start of 2021, for example, Tessian reported a surge in newly registered domains related to the vaccine roll-out and confirmed that a number of these websites were malicious and designed to harvest people’s financial information and account credentials. Now, cybercriminals are launching scams to prey on people who are vulnerable, out of work and urgently looking for relief. They are well aware that these individuals may be applying a little less scrutiny to the messages they receive – especially if the emails appear to have come from a legitimate and trusted sender. How do unemployment scams work?  Here’s how a typical unemployment related scam works: A fake job posting is listed on legitimate job sites. Often, scammers will target small businesses to spoof or impersonate as it is less likely for these companies to monitor their job listings.  An applicant will respond to that ad and will be sent a generic email asking them to perform a task for the interview process. These phishing emails could contain malicious attachments that applicants are asked to download or links to fake websites that ask applicants to input sensitive or personal information. This information could, then, be used to commit identity fraud.  Scammers will also ask applicants to click on a link that refers them to a fake credit check website. Here, they will ask the applicant to share financial information or wire money. Cybercriminals can also identify targets via social media sites like LinkedIn. A recent report from Tessian found that 93% of people share job updates online, and while it’s common for people to let their networks know that they’ve been laid off and are looking for jobs, they are also unknowingly giving cybercriminals the information they need to craft convincing social engineering attacks that are designed to steal personal information.  The FBI has released warnings of unemployment scams, disclosing that many U.S. citizens have been victimized by bad actors “impersonating the victims and using the victims’ stolen identities to submit fraudulent unemployment insurance claims online.” In fact, figures from a watchdog for the U.S. Department of Labor reveal that Americans have lost a shocking $63 billion of unemployment funds during the pandemic to improper payments and fraud, while the Illinois Department of Employment Security reports having stopped around 1.1 million claims involving identity theft in the past year. In many cases, victims don’t even realize they’ve been targeted until they later try to file for unemployment insurance benefits, receive a notification from the state unemployment insurance agency or even get notified by their employer that a claim has been filed while the victim is still employed.
What can you do to avoid falling victim to the scams? It’s always worth remembering that an official government agency or state workforce agency (SWA) will not contact you out of the blue, asking you to apply for UI benefits via an email or a text. So if you do receive a message like this, then do not click on the links or comply with the actions. We also recommend that you: Inspect emails carefully. Look for the .gov URL in the sender’s email address and check that the sender’s email domain matches the sender’s name. Don’t click on anything unless it’s from a legitimate source. Verify the legitimacy of the sender by calling the organization or agency directly. Adopt two-factor authentication and try to not use the same password across different sites. Password generators like 1Password create unique passwords and protect them with encryption software. Monitor your bank accounts on a regular basis to check for any fraudulent activity.
Threat Intel
How Easy is it To Phish?
By Charles Brook
17 March 2021
You might assume that to carry out a phishing campaign you’d need to be fairly tech savvy or have committed a lot of time to learning how to become a “hacker”. But this is not necessarily the case.  Part of the continued increase in both the volume and sophistication of phishing attacks is due to the availability of free to use open source social engineering tools. These tools are primarily intended for use by security professionals but are not exclusively available to them. With a little bit of Googling, these tools can be easily found and be put to use by anyone—not just experienced cybercriminals. Of course, it is easier if an individual already has a fairly technical background, but this is not a requirement.  This blog is for educational purposes only, intended to help security professionals protect themselves against these email threats by better understanding how they are created. Creating a phishing campaign All anyone needs to be able to create their own phishing campaign is: An anonymous or disposable email address A target The ability to follow instructions One tool available that is commonly used by malicious and ethical hackers alike is the Social Engineering Toolkit, or SET for short. This is part of the default toolset that comes preinstalled on Kali, a Linux distribution built specifically for penetration testing and information security purposes. SET provides an intuitive command line interface, which provides step-by-step guidance for creating a social engineering scenario. This includes steps for phishing. With this tool a cybercriminal can easily create a phishing campaign on a mass scale against a list of email addresses they’ve sourced. Or they can create a more personalized and targeted spear phishing campaign. Depending on the type of attack a cybercriminal wants to perform, it can even include instructions on how to automatically clone a website login page to harvest credentials, or create a malicious file to infect targeted user machines.
SET is an extremely powerful tool in crafting social engineering attacks. It does require a cybercriminal to have a reasonable level of technical understanding though and, as stated at the start of this blog, not all cybercriminals need a deep technical background to create a phishing attack. Worryingly, there are a number of free open source tools that provide wannabe attackers with simple guides to building and deploying phishing campaigns.  Gophish is an example of another free and open source tool which provides a platform for crafting and deploying phishing campaigns, but with the added benefit of a friendly-looking graphic user interface. These tools tend to be used by security professionals for the purpose of testing and educating, but are available to anyone, which unfortunately includes people with bad intentions or motivations. That means bad actors could leverage them to potentially compromise an individual or organization. Tools like these require only a small amount of research in order to find, and there is no shortage of tutorials available explaining how to operate them. They often have the functionality to clone existing web pages and create fake or look-alike landing pages, to help campaigns appear more convincing. Additionally some even provide reporting functionality that allows you to visualize the “performance” of a campaign. For example, an attacker can view metrics on how many people were reached, how many clicked on a link, and how many credentials were captured or machines infected etc.
An even more basic method of phishing is display name impersonation, which does not require any special tools. All an attacker has to do is register a new email address and simply change the display name on the account to appear as someone else. This can be effective against recipients viewing emails on mobile devices, which typically only show the display name of a sender.  Phishing for Hire A cybercriminal doesn’t have to carry out an attack on their own. Hacking for hire is available across some of the less reputable parts of the internet, like the dark web—the part of the internet only accessible by means of special software that will allow someone to remain anonymous and untraceable while browsing. This is an online area where illegal or blackmarket activity regularly takes place. All you need to hire a hacker for a phishing campaign is: Ability to view the dark web via an anonymous browser Some cryptocurrency Accessing and browsing the dark web is also not as difficult as many might think. The Tor Project offers the most commonly used browser that will allow individuals to browse the internet anonymously and access the dark web From this browser, you can start searching using the default search engine provided to look for pages that will offer links to dark web marketplaces. Some of these links are even referenced by articles or research pieces that are indexed by major search engines making them easier to find. With enough browsing you will find more and more “hidden wiki” pages that will provide many more links that help navigate the dark web. There is a reasonable element of risk that comes with browsing the dark web. Plenty of scams and fake services exist, which even an experienced cybercriminal could fall victim to. But, if careful and persistent enough, it isn’t too difficult for an individual to find someone who could build and deploy a phishing campaign for them. These will be pages maintained by cybercriminals, outlining their services for hire, the specific techniques they offer, and their pricing structure. There are even reviews of hacking-for-hire services available, so that users can find the ones that will be the most reliable!
The cost of hiring a hacker? It can vary depending on who is hired and the specific service required, but services that might need social engineering could start from as little as $200 – $300 in cryptocurrency.  An example of a phishing attack detected by Tessian Phishing attacks can take many forms. Here is one example of a phishing email that was flagged by Tessian Defender:
In this example, an attacker is attempting to convince the recipient that they are a new HR Manager from an outsourced firm (a third-party vendor).  The key indicators that identify this as a phishing email are: It contains hyperlinked text concealing a link to a malicious website. Upon hovering, the suspicious URL is revealed. The sender plays on human kindness by pretending to be a new starter looking for help. A sense of urgency is used to encourage the recipient to act fast or something bad might happen. There are some minor grammatical errors, which are common amongst phishing emails. The email domain is not often seen across networks defended by Tessian. This is an additional flag made possible from insight generated by the Tessian Defender platform. This type of phishing email could have been easily constructed, distributed and tracked by a cybercriminal using an open source social engineering tool. Tessian Defender was able to identify the anomalous signals in this email and nudge the recipient into exercising caution. Looking for more examples of phishing attacks flagged by Tessian Defender? Check out this article. Conclusions The main conclusion to be drawn here is that it really isn’t very difficult for anyone to launch a phishing attack as long as they have the time and the will to do so. Some methods may require a little more technical ability or effort to research than others, and some may be riskier. But the availability of advanced and intuitive social engineering tools make phishing very accessible and simple to do.  This is likely to be a factor in why the volumes of phishing attacks are so high and why there are new campaigns appearing all the time. It’s the newer and more targeted spear phishing campaigns that present the greatest threat to individuals and organizations as they are more difficult to spot. The newer a phishing campaign is, the less likely it is to be flagged by conventional spam filters or rule-based detection platforms. If the campaign is highly targeted, then it will likely have been tailored to have the best chance of bypassing legacy controls and deceiving the target. The social engineering tools described in this post make it much easier for someone to customize and tailor a phishing campaign against a specific target demographic. What can you do to protect yourself? Most spam filters or rule-based email protection platforms are capable of detecting and mitigating the majority of known or recurring phishing campaigns. But this only applies to known campaigns and the detection platforms are only as good as their latest release, which is why it is important to keep your software up to date. One way to reduce your risk of compromise if you do ever fall for a phishing attack aimed at credential harvesting, is to make sure all your major online accounts have two-factor or multi-factor authentication enabled. This makes it more difficult for an attacker as they would also need the authentication token required to login with your credentials. It is also best practice to avoid using the same password repeatedly across different accounts. A common technique used by attackers with a list of stolen account credentials is to attempt to login with them across multiple online services on the off chance any of the same email address and password combinations may have been used. This technique is referred to as credential stuffing. Organizations can also make sure it is difficult for cybercriminals to spoof their domains by publishing and maintaining their DMARC authentication protocol records. They can also go a step further by adding canarytokens to their webpages so it’s easier to spot when cybercriminals are cloning their website for use in phishing campaigns. But, even DMARC isn’t enough to stop targeted impersonation attacks. Learn why.
Targeted spear phishing can be much harder to detect with automated tools. This is why it is important to be vigilant if you receive a suspicious looking email appearing to originate from someone you trust. If the content of the email or the behavior surrounding it feels abnormal in any way, then this can be a strong indicator that something is not right. You can find some specific examples of red flags to look out for in this article: What Does a Spear Phishing Email Look Like? Tessian Defender aims to identify this sort of anomalous behavior to help keep you protected from attackers who may try to socially engineer you into letting your guard down so they may achieve their malicious goals. You might have assumed that phishing requires a lot of skill and technical knowledge, but you’d be mistaken. Anyone can be phished by anyone.