Spear Phishing

Get up to speed on the latest tips, guides, industry news and technology developments around phishing, spear phishing and Business Email Compromise.

Spear Phishing
How to Avoid Falling For a Phishing Attack
17 February 2021
Phishing is a decades-old social engineering attack that costs people and businesses billions each year. One small mistake can have serious consequences. But you can take a few simple and effective steps to avoid falling for one. This article will explain how to recognize a phishing email, how cybercriminals can leverage publicly-available information, and what technical solutions are available to help businesses prevent successful phishing attacks.

If you’d rather learn more about what phishing is, don’t worry. We can help. Read this article first: Phishing 101: What is Phishing?

Learn to recognize a phishing email

There are some hallmarks of a phishing email that you should be able to recognize. But be careful: none of these traits are common to every phishing email, and most of them won’t be present in more sophisticated phishing campaigns. And remember! Phishing and spear phishing are different. If you’re looking for tips to help you spot spear phishing emails, read this article instead: What Does a Spear Phishing Email Look Like? 4 Red Flags.

1. Branding

When you receive an email, ask yourself “Does this look right?” A good first step is to check for inauthentic or amateurish logos and email signatures. Here’s an example: on the left is a genuine email from shipping company DHL, and on the right is a fake, taken from a 2020 phishing campaign:
You can see that the email on the right is trying to look like DHL. It’s using DHL’s red and yellow branding, but it’s clearly a cheap imitation. If you receive an email looking like this, alarm bells should immediately start ringing.

2. Spelling and grammar

Second, check the email for spelling and grammar mistakes. Again, while poor spelling and grammar is a good indicator that an email is inauthentic, it’s increasingly common for phishing campaigns to contain very few errors. Check out this example:
This fake Netflix email is a real-life example of a credential phishing attack that has been circulating since at least May 2018. Not sure what credential phishing is? We explain everything you need to know in this article: What is Credential Phishing? How Does it Work?

Unlike the DHL email, this Netflix scam is pretty convincing, except for a couple of tiny errors that give it away. There’s an unnecessary space in the greeting (“Hello ,”) and a missing apostrophe (“We re here if you need it”). These errors don’t necessarily indicate a phishing email — they might have gotten past Netflix’s quality control team — but they’re a red flag (if you notice them).

3. Sense of urgency

Third, a phishing attack usually conveys some sense of urgency. Whether the attacker is trying to persuade you to make a payment, download a file, or click a link — they know you’re more likely to do so if you’re feeling anxious. Stressed people make bad decisions. We explore this in detail here: The Psychology of Human Error. Here’s an example of an American Express scam that emerged in 2020:
Many people will panic when receiving this and immediately click “NO.” They might even do this despite having second thoughts about the nature of the email. Of course, this is exactly what the cybercriminal wants.

4. Inauthentic sender address

Finally, there might be some more subtle indicators that the email you’ve received is part of a phishing scam. These have to do with the sender’s email address. A phishing email is more likely to succeed if it appears to come from an authentic email address. This type of phishing is called Business Email Compromise (BEC), and the FBI estimates that it cost businesses $1.7 billion in 2019. Cybercriminals use three main techniques to make email addresses look authentic:

Email impersonation: The email looks similar to a genuine business email address (think “b.gates@micros0ft.com” or “elonmusk@tessianmail.com”). Impersonation can be easy to spot if you’re paying attention.
Email spoofing: The fraudster amends the email’s headers, so the receiving email client displays a false address. In some cases, spoofing is only noticeable if you inspect the email header information.
Account takeover (ATO): The email arrives from an authentic account that has been hacked. ATO is nearly impossible for a person to detect and requires email security software.

Limit your publicly available personal information

Spear phishing is a subcategory of phishing targeting a specific person by name. Cybercriminals can find your name and email address easily — but they probably have access to a lot more of your personal information, too. According to Tessian research, 90% of people post personal and professional information online. Many employees also appear in company publicity or press releases. Even out-of-office auto-replies can give away personal information. This information is gold dust for hackers seeking to impersonate someone the target trusts.
Drop in a few personal references — whether about the target or the person the cybercriminal is impersonating — and a spear phishing email becomes a lot more persuasive. Wondering what you should (and shouldn’t) post online? Read the full report to find out.
Deploy email security software

If you’re an individual looking for advice, skip this section. This piece of advice is for security and business leaders. As we’ve seen, phishing is becoming increasingly hard for humans to spot. It’s also an email-based attack 96% of the time. That’s why deploying an intelligent inbound email security solution is the key to preventing phishing.

Email security is particularly important as teams move into a remote working environment, away from the protection of CISOs and IT departments. Microsoft research shows that 80% of security professionals saw an increase in security incidents since employees started working from home.

Phishing emails almost always carry some signals that reveal they are dangerous. The more subtle phishing indicators aren’t detectable by humans — or by traditional solutions like Secure Email Gateways (SEGs) and spam filters. Tessian Defender uses machine learning, anomaly detection, behavioral analysis, and natural language processing to detect even the most discreet phishing signals. Click here to learn more about how Tessian Defender protects your team from phishing and other email-based cybersecurity attacks. You can also explore our customer stories to see how they’re using Tessian Defender to protect their people on email and prevent social engineering attacks like phishing.
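The header inspection mentioned under “Email spoofing” above is something a mail administrator or analyst can script. The following is an added example in Python (standard library only), not Tessian’s code: it parses a raw message and flags a display name that carries a different address than the real sender, Reply-To and Return-Path domains that differ from the From domain, and any SPF/DKIM/DMARC verdict other than “pass” in the Authentication-Results header that the receiving mail server writes (RFC 8601). Both sample messages and the example.com / example.net domains are constructed for illustration; the first imitates the “display name shows one address, the actual sender is another” pattern seen in the Zoom phishing screenshots elsewhere on this page.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr

# Constructed sample messages (not real captures). The first carries a display
# name that is itself an address, a different real sender, a redirected Reply-To
# and failing authentication results; the second is an ordinary internal mail.
SPOOF_SAMPLE = b"""Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dmarc=fail header.from=example.com
From: "zoom_meeting@example.com" <fd29eaab47504bfa8bd773ee581bc7d4@example.com>
Reply-To: <zoom_meeting@example-meetings.net>
To: <victim@example.com>
Subject: Your CEO is waiting for you

Join now: https://example-meetings.net/j/123
"""

LEGIT_SAMPLE = b"""Return-Path: <alice@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice Example <alice@example.com>
To: <bob@example.com>
Subject: Lunch

See you at noon.
"""


def _domain(addr):
    """Lower-cased domain part of an addr-spec, or '' when there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def inspect_headers(raw):
    """Parse a raw RFC 5322 message and return the sender fields plus a list of
    header-level red flags. Authentication-Results is only trustworthy when your
    own MTA wrote it; production code should drop copies arriving from outside."""
    msg = message_from_bytes(raw)          # compat32 policy: headers are plain str
    display, addr = parseaddr(msg.get("From", ""))
    flags = []

    # 1. Display name that looks like an address but is not the real sender.
    if "@" in display and display.lower() != addr.lower():
        flags.append("display_name_mismatch")

    # 2. Replies silently redirected to another domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != _domain(addr):
        flags.append("reply_to_domain_mismatch")

    # 3. Envelope sender (bounce address) from a domain other than the header From.
    _, rpath = parseaddr(msg.get("Return-Path", ""))
    if rpath and _domain(rpath) != _domain(addr):
        flags.append("return_path_domain_mismatch")

    # 4. Any SPF/DKIM/DMARC result other than "pass" recorded by the receiving MTA.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.IGNORECASE)
        if m and m.group(1).lower() != "pass":
            flags.append(f"{mech}_{m.group(1).lower()}")

    return {"display_name": display, "address": addr, "flags": flags}


if __name__ == "__main__":
    for sample in (SPOOF_SAMPLE, LEGIT_SAMPLE):
        print(inspect_headers(sample))
```

None of these flags is proof on its own (mailing lists and ticketing systems legitimately rewrite Return-Path, for example), which is why the function returns the whole list rather than a verdict; a gateway rule would typically quarantine on a DMARC failure and route the softer mismatches to a reviewer.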
Spear Phishing
Phishing 101: What is Phishing?
17 February 2021
First things first: let’s answer the question at hand.
That’s the short and sweet definition. But, there’s more you need to know. Phishing is a common type of social engineering attack that cybercriminals have been conducting for decades. In this article, we’ll take a look at some different types of phishing, how these differ from “traditional” phishing, and how phishing attacks work. Wondering what social engineering is? Check out this article, which includes plenty of real-world examples.

Definitions of phishing

If you look at the definition above, you’ll notice we made an important distinction in the last sentence. “Phishing is typically bulk in nature and not personalized for an individual target.” But, oftentimes, you’ll hear the word “phishing” used as an umbrella term to cover many types of online social engineering attacks, including:

Spear phishing: A phishing attack targeting a specific individual
Whaling: A phishing attack targeting a company executive
Smishing: Phishing via SMS
Vishing: Voice-phishing, via phone or VoIP software

What links all these types of attacks? They all involve some form of “impersonation” — the attacker pretends to be a person or institution that the target is likely to trust. But, in this article, we’ll focus on traditional “spray and pray” phishing attacks. It’s one of the most straightforward types of online social engineering attacks. Importantly, this “old-school” form of cybercrime is distinct from all the examples above because:

Unlike smishing or vishing, phishing attacks occur via email.
Unlike spear phishing and whaling, traditional phishing isn’t targeted. Attackers send phishing emails indiscriminately, rather than emailing a specific individual.

If you’re scratching your head trying to figure out how phishing is different from spam, we’ve answered all your questions in this article: Spam vs. Phishing: The Difference Between Spam and Phishing.

How phishing works

Let’s take a real-life example of a phishing attack to see how this type of cybercrime works.
It appears to come from a brand most of us know and trust: Netflix.
So, what makes it a phishing email? The “UPDATE ACCOUNT NOW” button leads to a malicious website (not Netflix’s genuine website) designed to steal payment information. But, the average person wouldn’t know that.

The email arrived from “info@mailer.netflix.com” — a person could reasonably believe this was a genuine Netflix email address
The “Help Center” and “Communications Settings” links lead to Netflix’s actual website
The Netflix logo and branding look authentic

But look a little closer, and you’ll notice a few giveaways.

The greeting is generic (“Hello ,”). This suggests that this is a bulk email sent to many recipients.
The email asks for payment details. Netflix will never request payment information via email.
There’s a typo (“We re here if you need it”). Typos are increasingly rare in phishing emails, but they should always raise a red flag.

This is not your typical “Nigerian prince” scam, and it’s easy to see why so many people – both consumers and employees – fall for these scams. If you’re looking for statistics to back this up, check out this article: Must-Know Phishing Statistics (Updated 2021).

Note that this scam appears to use “email impersonation”: the sender address (mailer.netflix.com) looks like it could be an authentic Netflix domain, but Netflix doesn’t own that domain at all. Hackers can also use account takeover and email spoofing for more advanced phishing attacks.

What is phishing for?

We’ve looked at how criminals use different methods to conduct phishing scams and target different types of people. But why do they do it? Attackers use phishing scams to target different types of resources. For example:

Credentials. Cybercriminals steal usernames and passwords to sell them on the dark web, access company data, or conduct account take-over attacks.
Personal information. Addresses, social security numbers — even lists of names associated with a particular platform can be valuable to cybercriminals, who can use them to target spear phishing attacks.
Money. Phishing attacks aiming to trick the target into transferring money to the attacker are common, but they’re normally reserved for more sophisticated types of phishing such as Business Email Compromise (BEC), which the FBI calls “the $26 billion scam.”

Want to know which of these resources hackers target the most frequently? Download this infographic.

How common is phishing?

Phishing has become a huge criminal industry, and there’s no sign of it getting smaller. Here are some of the latest statistics:

The FBI’s Internet Crime Complaint Center (IC3) 2020 Internet Crime Report cites phishing as the leading cause of cybercrime complaints. Phishing complaints more than doubled between 2019 and 2020.
According to Verizon’s 2020 data breach report, 96% of phishing attacks arrive by email (smishing and vishing account for 3% and 1% of attacks, respectively).
Phishing is on the rise. Microsoft’s 2021 Future of Work report shows that 80% of organizations experienced an increase in security threats in 2020 — and of these, 62% said phishing showed the most significant increase.
As a major cause of data breaches, phishing is a considerable business expense. According to IBM, the average cost of a data breach in 2020 was $3.86 million.

Want more of the most up-to-date figures on phishing? Subscribe to our newsletter for monthly updates, straight to your inbox.

Now you know what “phishing” means, how common it is, and how much damage it can cause. If you want to learn how to protect yourself from phishing, check out our guidance on how to avoid falling for phishing attacks.
Spear Phishing
How Hackers Are Exploiting The COVID-19 Vaccine Rollout
By Laura Brooks
16 February 2021
Where there is uncertainty, there are cybercriminals. And the uncertainty surrounding the roll-out of the Covid-19 vaccine is creating the perfect environment for cybercriminals and their phishing scams. According to new Tessian research:

2,697 new website domains related to the Covid-19 vaccine were registered between 5 December 2020 and 10 January 2021. Many of these domains impersonate legitimate healthcare websites, tout misinformation around injection side effects, and falsely claim to offer guidance around timing and logistics of distribution to dupe people.
Some of the newly registered domains were confirmed as malicious. Tessian researchers found specific examples of domains that impersonate a legitimate O365 login page and Apple ID login page. These pages have been designed to steal people’s account credentials.
22% of the live domains take advantage of a technique called “typo-squatting” – a technique where one or two letters of a word are changed, in the hope that people make mistakes when typing the website into the URL bar or simply miss the typo when landing on the page. One example of this is covidvaccime.com.

Why do newly registered domains pose a threat?

The NHS recently issued a warning about scam emails that invite people to click on fake invitations to “register” for the vaccine. However, no registration is actually required for the real vaccine. The fake website, the BBC reports, also asks people for their bank details, either to verify identification or to make a payment.

Often, scammers will register new domains to lure people to a page after they’ve clicked a link in a phishing email. Tessian researchers found that many of the vaccine-related websites contain online forms designed to harvest financial or healthcare information and, in some cases, steal people’s account credentials.
For example, some of the confirmed-malicious websites impersonate an Office 365 or Apple ID page and prompt people to log in and share their username and password. People urgently want to find out things such as when they will get the vaccine, where they can receive the jab, and many more want to research and understand potential side effects. As we’ve seen throughout the pandemic, cybercriminals are capitalizing on people’s desire for more information and are finding ways to trick people into clicking on links to fake websites or entering their valuable details.
Who is most at risk from the vaccine scams?

Anyone who is eligible for the vaccine, and anyone who is looking for information about the vaccine roll-out, should be wary about the websites they land on. For example, concerns have been raised over U.S. health officials’ use of ticketing website Eventbrite to schedule vaccination appointments. Health departments have warned citizens of scams whereby fraudulent Eventbrite websites have been created, while The Tampa Bay Times reported that people had been charged money for vaccination slots that turned out to be fake.

One of the main concerns surrounding vaccine scams is how hackers will target older generations – those at the top of the list for the vaccine. A Tessian report published in 2020 – The Psychology of Human Error – found that people over 55 years old were the least likely to know what a phishing email was. Awareness is crucial; people must think twice before responding to these messages and be sceptical of emails or websites requesting payment or personal information at this time.
Vaccine scams: what to look out for

Be wary of emails purporting to come from healthcare organizations asking you to click on links to ‘find out more’. Always check the sender name and address in order to verify the sender’s identity, particularly if you have received an email on your phone. It’s also important to question any websites that request personal data. Domains that spoof government healthcare websites, like the Centers for Disease Control and Prevention (CDC), are especially dangerous, as bad actors could potentially steal extremely sensitive information such as Social Security numbers and health information like insurance or medical history details. At a time when phishing scams are rife, always think twice before entering your personal information online and remember: if it doesn’t look right, it probably isn’t.
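The look-alike domains quoted across these articles (micros0ft.com and tessianmail.com in the “Inauthentic sender address” section, covidvaccime.com under typo-squatting here) can all be caught by the same handful of cheap checks against a watch-list of domains you care about. Below is an added Python example, not Tessian’s code: it folds common character substitutions back to the letters they imitate, spots a brand name embedded in a longer label, catches a swapped top-level domain, and measures edit distance for one- or two-letter typos. The PROTECTED list and the homoglyph table are constructed assumptions, and the registrable-domain split is deliberately naive (a production version would consult the Public Suffix List so that brand.co.uk is not read as label “co”).

```python
# Constructed watch-list of domains the organisation wants to protect (assumption).
PROTECTED = ["microsoft.com", "tessian.com", "netflix.com", "covidvaccine.com"]

# Characters attackers swap for visually similar ones (a small constructed subset).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}
MULTI = {"rn": "m", "vv": "w"}


def normalize(label):
    """Fold common look-alike substitutions back to the letters they imitate."""
    label = label.lower()
    for pair, letter in MULTI.items():
        label = label.replace(pair, letter)
    return "".join(HOMOGLYPHS.get(c, c) for c in label)


def edit_distance(a, b):
    """Levenshtein distance; 1 or 2 means a plausible typo of the brand label."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Naive (second-level label, tld) split; real code should use the
    Public Suffix List instead of assuming the last two labels."""
    parts = domain.lower().strip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")


def assess_domain(domain, protected=PROTECTED):
    """Classify a sender or link domain against the watch-list.
    Returns (verdict, matched_protected_domain_or_None)."""
    domain = domain.lower()
    label, tld = registrable(domain)

    # Exact match or a genuine subdomain of a protected domain: nothing to flag.
    for brand in protected:
        if domain == brand or domain.endswith("." + brand):
            return ("trusted", brand)

    for brand in protected:
        b_label, b_tld = registrable(brand)
        if label == b_label and tld != b_tld:
            return ("tld_swap", brand)          # e.g. tessian.co for tessian.com
        if label != b_label and normalize(label) == b_label:
            return ("homoglyph", brand)         # e.g. micros0ft.com
        if label != b_label and b_label in label:
            return ("brand_in_label", brand)    # e.g. tessianmail.com
        if len(b_label) >= 5 and edit_distance(label, b_label) <= 2:
            return ("typosquat", brand)         # e.g. covidvaccime.com
    return ("unrelated", None)


if __name__ == "__main__":
    for d in ("micros0ft.com", "tessianmail.com", "covidvaccime.com",
              "tessian.co", "mail.tessian.com", "example.org"):
        print(d, "->", assess_domain(d))
```

The minimum label length of 5 on the edit-distance rule keeps short brand names from matching every other short word; tune it and the distance threshold against your own watch-list, and feed the function both the sender domain from the From header and the host of every link in the body.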
Spear Phishing
COVID-19: Screenshots of Phishing Emails
15 February 2021
Immediately after the outbreak of COVID-19, there was a surge in opportunistic phishing attacks in which hackers leveraged the pandemic to dupe targets into following links, downloading attachments, or otherwise divulging sensitive information. Wondering what to look out for? We break down 4 emails below, including impersonations of Zoom, HR, and a VPN provider. Looking for examples of spear phishing attacks that don’t leverage COVID-19? Check out this article instead.

Phishing Email #1: Your CEO is Waiting for You
What’s wrong with this email?

The Display Name (zoom_meeting@tessian.com) and the email address do not match. The actual sender address is fd29eaab47504bfa8bd773ee581bc7d4@tessian.com.
The attacker, who sent the email on a Friday afternoon, is hoping that the target will a) be motivated to respond quickly to a meeting request from the CEO and b) be less scrutinizing and security-conscious as it’s the end of the week.
The target is being encouraged to click on a seemingly legitimate Zoom link, which would likely lead to a malicious site or could deploy malware. Upon hovering over the provided link, you’ll find the URL is actually different from the one the hyperlink text would lead you to believe.
The closing of the email is suspicious: “This message is from your company’s IT.”

NB: This phishing email is a direct spoof and was prevented because of DMARC; it was automatically sent to a Spam folder. If you haven’t set your DMARC records correctly, these emails will fly past existing defenses.
Phishing Email #2: Generic Zoom Spoof
What’s wrong with this email?

The Display Name (tessian.com ZoomCall) and the email address do not match, but the attacker is hoping the recipient doesn’t look beyond the sender Display Name.
The conference call time and date in the email subject line seem to have already passed, based on when the attack was received. Note this email was received at 3:22am, so it would likely be the first email the recipient reads in the morning.
The email contains the message “Zoom will only keep this message for 48 hours.” This, combined with the subject line, adds a sense of urgency and could potentially convince the recipient they’ve missed something important and should quickly try to remedy it.
The target is being encouraged to click on a seemingly legitimate Zoom link, which would likely lead to a malicious site or could deploy malware.

We’ve been pulling together guidance and resources to help employees and businesses stay safe while working remotely. If you suspect you’ve been targeted by a phishing attack, do not click any links or download attachments. Instead, directly contact the sender via phone or a messaging app to confirm the legitimacy of the email, and immediately alert your IT or security team.
Phishing Email #3: The Attacker is Capitalizing on Fear Around COVID-19
What’s wrong with this email?

The Display Name (Information Unit) and the email address do not match at all. (What’s more, ‘Information Unit’ is not a genuine internal group at Tessian.)
The attacker, who sent the email late-afternoon on a Friday, is no doubt hoping that the target – our marketing team – is less scrutinizing and security-conscious as the week comes to a close, especially when employees across the globe are working from home.
The target is being encouraged to download an attachment, which opens a fake login page to steal the victim’s credentials.
The email is rife with spelling and grammar errors as well as formatting inconsistencies, and the unconcerned, mechanical language is out-of-character for anyone in management, especially given the content of the email.
The attacker used complex encoding to try to evade traditional phishing detection tools that would scan for certain keywords in the email’s body. How? By interspersing invisible characters between the visible ones, so that the content looks like gibberish. Below is a screenshot of the encoding in the email body for reference. Here, you see the characters marked “transparent”; those are the invisible characters.
Phishing Email #4: The Attacker Baits the Target With a Remote-Working Tool
What’s wrong with this email?

The Display Name (Helpdesk_admin@tessian.com) and the email address are in stark contrast. This sender’s email address is a direct spoof of the domain (tessian.com).
The attacker is taking advantage of the fact that many employees around the world are now suddenly working from home and in need of remote-working tools. Therefore, targets are more likely to trust that their employer has, in fact, set them up for remote connection provided by a VPN vendor.
The way this email is constructed – poor grammar and impersonal – makes it obvious to a Tessian employee that this is not legitimately from our IT manager.
The target is being encouraged to follow a link, which looks inconspicuous. But, upon hovering, you’ll see that the link the target will actually be led to is suspicious.
Important: Because Tessian has DMARC enabled, emails that spoof our domain are automatically sent to “quarantine”. That means the email was never actually received by the target and instead went straight to a spam folder. Unfortunately, though, a lot of companies don’t have DMARC enabled. In fact, nearly 80% of domains have no DMARC policy.

Now that you know what these opportunistic phishing emails look like, what do you do if you’re targeted? That is, after all, what’s really important when it comes to preventing a data breach.

What to Do If You’re Targeted by a Phishing Attack

If anything seems unusual, do not follow or click links or download attachments. Instead, visit the brand’s website via Google or your preferred search engine, find a support number, and ask them to confirm whether the communication is valid. If the email appears to come from someone you know and trust, like a colleague, reach out to the individual directly by phone, Slack, or a separate email thread. Rest assured, it’s better to confirm and proceed confidently than the alternative. If you’re an employee who’s been targeted, contact your line manager and/or IT team.

You can download this advice in PDF format (perfect for sharing with other peers and friends!) here.

Further Reading: ⚡ Tax Day Scams ⚡ The US Census Scams ⚡ Stimulus Checks Scams ⚡ Vaccine scams

Want to stay up-to-date on the latest threats, get tips on how to stay safe, and advice for security leaders from security leaders? Sign up for our weekly blog digest and get new content, straight to your inbox.
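Phishing Email #3 above hides its keywords by interspersing invisible characters between the visible ones. A content filter defeats that by normalising the text before scanning it, and by treating the sheer number of invisible characters as a signal in its own right, since ordinary mail contains almost none. The following is an added Python example, not Tessian’s code: it strips every Unicode format character (category Cf, which covers zero-width spaces, joiners, soft hyphens and the byte-order mark), applies NFKC normalisation, and only then runs the keyword scan. The keyword list and the sample body (zero-width spaces and soft hyphens interleaved into two phrases) are constructed for illustration.

```python
import unicodedata

# Constructed keyword list a simple content filter might look for (assumption).
KEYWORDS = ("password", "verify your account", "login", "invoice", "urgent")

# Constructed sample body: a zero-width space or soft hyphen sits between every
# letter of the two phrases, so a naive substring scan finds neither of them.
ZWSP, SHY = "\u200b", "\u00ad"
EVASIVE_SAMPLE = (
    "Please " + ZWSP.join("verify your account") + " and re-enter your "
    + SHY.join("password") + " within 24 hours."
)
BENIGN_SAMPLE = "Thanks for lunch yesterday!"


def strip_invisible(text):
    """Drop every Unicode 'format' character (category Cf) and report how many
    were removed. Cf includes U+200B..U+200D, U+2060, U+00AD and U+FEFF."""
    kept, removed = [], 0
    for ch in text:
        if unicodedata.category(ch) == "Cf":
            removed += 1
        else:
            kept.append(ch)
    return "".join(kept), removed


def scan_body(text, keywords=KEYWORDS):
    """Normalise first, then keyword-scan. The ratio of invisible to visible
    characters is returned as its own signal because legitimate mail has
    essentially none; the threshold below is a constructed starting point."""
    cleaned, removed = strip_invisible(text)
    cleaned = unicodedata.normalize("NFKC", cleaned).lower()
    hits = [k for k in keywords if k in cleaned]
    ratio = removed / max(len(cleaned), 1)
    return {
        "hits": hits,
        "invisible_chars": removed,
        "invisible_ratio": round(ratio, 2),
        "suspicious": bool(hits) or ratio > 0.05,
    }


if __name__ == "__main__":
    print("naive scan sees 'password':", "password" in EVASIVE_SAMPLE.lower())
    print(scan_body(EVASIVE_SAMPLE))
    print(scan_body(BENIGN_SAMPLE))
```

The same pre-processing belongs in front of URL extraction and attachment-name checks, not just the keyword list: anything matched as a substring can be split the same way. Mail that legitimately contains a handful of soft hyphens (hyphenation hints in some HTML newsletters) stays well under the 5% ratio.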
Human Layer Security Spear Phishing
Romance Fraud Scams Are On The Rise
By Laura Brooks
11 February 2021
Cybercriminals are exploiting “lockdown loneliness” for financial gain, according to various reports this week, which reveal that the number of incidents of romance fraud and romance scams increased in 2020.  UK Finance, for example, reported that bank transfer fraud related to romance scams rose by 20% in 2020 compared to 2019, while Action Fraud revealed that £68m was lost by people who had fallen victim to romance fraud last year – an increase on the year before. Why? Because people have become more reliant on online dating and dating apps to connect with others amid social distancing restrictions put in place for the Covid-19 pandemic.
With more people talking over the internet, there has been greater opportunity for cybercriminals to trick people online. Adopting a fake identity and posing as a romantic interest, scammers play on people’s emotions and build trust with their targets over time, before asking them to send money (perhaps for medical care), provide access to bank accounts or share personal information that could be used to later commit identity fraud. Cybercriminals will play the long-game; they have nothing but time on their hands.  A significant percentage of people have been affected by these romance scams. In a recent survey conducted by Tessian, one in five US and UK citizens has been a victim of romance fraud, with men and women being targeted equally.
Interestingly, people aged between 25-34 years old were the most likely to be affected by romance scams. Tessian data shows that of the respondents who said they had been a victim of romance fraud, 45% were aged between 25-34 versus just 4% of respondents who were aged over 55 years old.

This may be because romance fraud victims are most commonly targeted on social media platforms like Facebook or Instagram, with a quarter of respondents (25%) saying they’d been successfully scammed on these channels. This was closely followed by email (23%), while one in five people said they’d been targeted on mobile dating apps, and 16% said they’d been scammed via online dating websites. This behavior is quite typical, say experts. Often romance fraud will start on dating apps or official dating websites, but scammers will move to social media, email or text in order to reduce the trail of evidence.
How to avoid falling for a romance scam

It’s important to remember that most dating apps and websites are completely safe. However, as social distancing restrictions remain in place for many regions, people should consider how they could be targeted by social engineering attacks and phishing scams at this time. We advise people to question any requests for personal or financial information from individuals they do not know or have not met in person, and to verify the identity of someone they’re speaking to via a video call. We also recommend the following:

Never send money or a gift online to someone who you haven’t met in person.
Be suspicious of requests from someone you’ve met on the internet. Scammers will often ask for money via wire transfers or reload cards because they’re difficult to reverse.
Be wary of any email or DM you receive from someone you don’t know. Never click on a link or download an attachment from an unusual email address.
Keep social media profiles and posts private. Don’t accept friend requests or DMs from people you don’t know personally.

The FBI and Action Fraud have also provided citizens with useful advice on how to avoid falling for a romance scam and guidance for anyone who thinks they may have already been targeted by a scammer. And if you want to learn more about social engineering attacks, you can read Tessian’s research How to Hack a Human.
Spear Phishing
6 Reasons to Download “How to Hack a Human” Now
By Maddie Rosenthal
02 February 2021
Over the last decade, phishing has evolved from spam to something much (much) more targeted. It’s now the threat most likely to cause a breach. At the same time, the number of adults on social media networks like Facebook has jumped by almost 1,300%. We explore the correlation between the two in our latest research report “How to Hack a Human”. You can download it here. Need a few good reasons to download it? Keep reading.

1. You’ll get a hacker’s perspective

Actually, you’ll get ten (ethical) hackers’ perspectives. We partnered with HackerOne and other social engineering experts to learn how they use publicly available information – like social media posts, OOO messages, press releases, and more – to craft highly targeted, highly effective social engineering attacks. In the end, we found out that they use everything. A photo from your gender reveal party can help them uncover your home address. A post about your dog can help them guess your password. An OOO message can tell them who to target, who to impersonate, and give them a sense of their window of opportunity.

2. You’ll learn how vulnerable organizations are to attack

By surveying 4,000 employees and using Tessian platform data, we were able to uncover how frequently people (and the companies they work for) are being targeted by social engineering attacks, business email compromise (BEC), wire transfer fraud, and more. The numbers are staggering. 88% of people have received a suspicious message in the last year. Of course, some industries are more vulnerable than others.
And, we expect to see more next year. Why? Between H1 2020 and H2 2020, we saw a 15% increase in attacks. Read the report to find out more.

3. We show two examples of social engineering – including the “clues” that enabled hackers to carry out the attack

Using social media posts, news headlines, and OOO messages, we break down two attacks:

CEO Fraud in Financial Services
Account Takeover (ATO) in Healthcare

We explain the hacker’s motivation, what the attack looked like, and – in the end – how it could have been prevented. (More on that below.)

4. You’ll get access to a free, educational guide to help employees level-up their personal and professional cybersecurity

As we’ve said, hackers hack humans to hack the companies they work for. So, to help security leaders communicate the threat and teach their employees how to prevent being targeted and how to spot an attack if it lands in their inbox, we put together a comprehensive list of do’s and don’ts. You can find it on page 20. Bonus: Are you a Tessian customer? We’re happy to co-brand the list. Get in touch with your Customer Success Executive for more information.

5. The dataset is global

In addition to interviewing employees in the US and the UK, Tessian platform data accounts for organizations across continents. Why does this matter? It goes to show that this isn’t a problem that’s isolated to a specific region. Everyone is being targeted by social engineering attacks. But – interestingly – the online habits of Americans vs. Brits vary considerably.
For example, while 93% of US employees say they update their job status on social media when they start a new role, just 63% of UK employees said the same.

Top tip: New starters are prime targets of social engineering attacks. They’re typically given their full access credentials when they start, but don’t yet know who’s who. They may also not have had their security training yet. Finally, given that they’re new, they’ll be especially keen to make a good impression.

6. You’ll get a peek inside a hacker’s toolkit

Yes, all of the information hackers use is easy enough to find online (especially if they’re motivated to find it). But there are plenty of tools that hackers use that make connecting the dots and cracking passwords quick and easy. We outline ten in the report. You’ll likely recognize some of them… Most – if not all – of these tools were designed for the “good guys”: penetration testers, compliance teams, and even law enforcement. In fact, some are even marketing and sales tools! Flip to page 16 to learn more.

Bonus: The report is ungated…for now

For the next few weeks, you’ll be able to download the report without filling out a form. Yep, you just click “download” and it’s yours. Starting at the end of February, you’ll just need to provide your email address and a few other pieces of information about your role and company. Ready? Set? Download.
Spear Phishing
Tessian Launches Account Takeover (ATO) Protection
By Harry Wetherald
27 January 2021
Today, a comprehensive email security strategy needs to do more than just secure an organization’s own email platform and users. Why? Because more and more often, bad actors are gaining access to the email accounts of trusted senders (suppliers, customers, and other third parties) to breach a target company. This is called account takeover (ATO), and one in seven organizations have experienced this kind of attack. And, since legitimate business email accounts are used to carry out these attacks, it is one of the most difficult impersonation attacks to detect, making most organizations vulnerable to ATO. But, not Tessian customers. Tessian Defender can now detect and prevent ATO.
How does Tessian Defender detect ATO?
Unlike Secure Email Gateways (SEGs) – which rely almost exclusively on domain authentication and payload inspection – Tessian Defender uses machine learning (ML), anomaly detection, behavioral analysis, and natural language processing (NLP) to detect a variety of ATO signals:
Unusual sender characteristics: This includes anomalous geophysical locations, IP addresses, email clients, and reply-to addresses
Anomalous email sending patterns: Based on historical email analysis, Tessian can identify unusual recipients, unusual send times, and emails sent to an unusual number of recipients
Malicious payloads: Tessian uses URL match patterns to spot suspicious URLs and ML to identify red flags indicative of suspicious attachments
Deep content inspection: Looking at the email content – for example, language that conveys suspicious intent – Tessian can detect zero-payload attacks, too
Importantly, Tessian’s ML algorithm gets smarter as it continuously analyzes email communications across its global network. This way, it can build profiles of organizations (and their employees) to understand what “normal” email communications look like at a granular level.  This allows Tessian Defender to catch even the most subtle ATO attacks. Once it detects a threat, Tessian alerts employees and admins that an email might be unsafe. The warnings are written in easy-to-understand language and explain why an email has been flagged, which prevents the users from responding to the email or clicking on malicious links or attachments. These warnings also act as in-the-moment training and help improve email behavior over time.  Administrators get real-time alerts of ATO and can track events in the Human Layer Security Intelligence portal. You can learn more about how Tessian detects and prevents ATO here. Keep reading to see an admin’s view of the portal and what a warning looks like for employees.
What are the benefits of Tessian ATO threat protection?
The consequences of ATO are far-reaching. Attackers could gain access to credentials, employee data, and computer data. They could initiate fraudulent wire transfers, conduct bank fraud, and sell data. That means organizations could suffer significant financial loss, reputational damage, and lose customers (and their trust). And this doesn’t even account for lost productivity, data loss, or regulatory fines. Between 2013 and 2015, Facebook and Google were scammed out of $121 million after a hacker impersonated a trusted vendor. And that’s just one example. Tessian’s ATO threat protection minimizes these risks by preventing successful attacks. But, detecting and preventing threats is just one of the benefits of Tessian.
For security teams
Detection is automated, which means it’s not just effective, but also effortless for security teams
Real-time alerts of ATO events and robust tools (like single-click quarantine) allow for rapid investigation and remediation directly in the portal
Tessian’s API can be integrated with SIEMs like Splunk and Rapid7, allowing security analysts and SOC teams to analyze Tessian data alongside insights from other solutions
In-the-moment warnings reinforce security awareness training and help nudge employees towards safer email behavior
For the C-suite
ATO protection doesn’t just keep your organization safe and compliant (and help you avoid reputational damage or financial loss). It’s a competitive differentiator and can help build trust with existing customers, clients, and your supply chain.
Multi-layer threat insights, visualized data, and industry benchmarks help CISOs understand their organization’s security posture compared to their industry peers
Automated reports make it easy to communicate success to the board and other key stakeholders
For employees
Contextual warnings are helpful – not annoying – and act as in-the-moment training. This helps employees improve their security reflexes over time for safer email behavior.
Flag rates are low (and false positives are rare), which means employees can do the job they were hired to do, without security getting in the way
Learn more about Tessian
Interested in learning more about Tessian Defender and ATO Protection? Current Tessian customers can get in touch with their Customer Success Manager. Not yet a Tessian customer? Learn more about our technology, explore our customer stories, or book a demo now.
Spear Phishing
What is Email Spoofing? How Does Email Spoofing Work?
22 January 2021
Let’s start with a definition of email spoofing.
While email spoofing can have serious consequences, it’s not particularly difficult for a hacker to do. And, despite the fact that email filters and apps are getting better at detecting spoofed emails… they can still slip through. Keep reading to find out:
What motivates someone to spoof an email address
How email spoofing works
How common email spoofing is
If you’re here to learn how to prevent email spoofing, check out this article instead: How to Prevent Email Spoofing.
Why do people spoof emails?
You might be wondering why someone would want to spoof another person or company’s email address in the first place. It’s simple: they want the recipient to believe that the email came from a trusted person. Most commonly it is used for activities such as:
Spear phishing: A type of “social engineering” attack where the attacker impersonates a trusted person and targets a specific individual.
Business Email Compromise (BEC): A phishing attack involving a spoofed, impersonated, or hacked corporate email address.
CEO fraud: A BEC attack where the attacker impersonates a high-level company executive and targets an employee.
Vendor Email Compromise (VEC): A BEC attack where the attacker impersonates a vendor or another business in a company’s supply chain.
Spamming: Sending unsolicited commercial email to large numbers of people.
Now let’s look at the technical process behind email spoofing.
How email spoofing works
First, we need to distinguish between “email spoofing” and “domain impersonation.” Sometimes these two techniques get conflated. Here’s the difference:
In an email spoofing attack, the sender’s email address looks identical to the genuine email address (jeff.bezos@amazon.com).
In a domain impersonation attack, the fraudster uses an email address that is very similar to another email address (jeff.bezos@amaz0n.co).
When you receive an email, your email client (e.g. Outlook or Gmail) tells you who the email is supposedly from.
When you click “reply,” your client automatically fills in the “to” field in your return email. It’s all done automatically and behind the scenes. But, this information is not as reliable as you might think. An email consists of several parts:
Envelope: Tells the receiving server who sent the email and who will receive it. When you get an email, you don’t normally see the envelope.
Header: Contains metadata about the email, including the sender’s name and email address, send date, subject, and “reply-to” address. You can see this part.
Body: The content of the email itself.
Spoofing is so common because it’s surprisingly easy to forge the “from” elements of an email’s envelope and header, to make it seem like someone else has sent it. Obviously, we’re not going to provide instructions on how to spoof an email. But we can break down a spoofed email to help you understand how the process works. Let’s take a look at the email header:
First, look at the “Received From” header, highlighted in blue, which shows that the email came from the domain “cybercrime.org.” But now look at the parts highlighted in yellow — the “Return-Path,” “From,” and “Reply-To” headers — which all point to “Mickey Mouse,” or “m.mouse@disney.com”. These headers dictate what the recipient sees in their inbox, and they’ve all been forged. The standard email protocol (SMTP) has no default way of authenticating an email. There are authentication checks that depend on the domain owner protecting its domain. In this case, the spoof email failed two important authentication processes (also highlighted in blue, above):
SPF, short for Sender Policy Framework: Checks if the sender’s IP address is associated with the domain specified in the envelope.
DMARC, short for Domain-based Message Authentication, Reporting, and Conformance: Verifies an email’s header information.
DKIM, short for DomainKeys Identified Mail: Designed to make sure messages aren’t altered in transit between the sending and recipient servers.
As you can see, DMARC, SPF, and DKIM all = none. That means our spoofed email slipped right through. Here’s how the email looks in the recipient’s inbox:
The email above appears to have been sent by Mickey Mouse, using the email address m.mouse@disney.com. But we know from the header that it actually came from cybercrime.org. This demonstrates the importance of setting up DMARC policies. You can learn more about how to do that here. Note: Disney does have DMARC enabled. This is a hypothetical example! Want to find out which companies don’t have DMARC set up? Check out this website.
How common is spoofing?
Measuring the precise number of spoofed emails sent and received every day is impossible. But we can look at how many cybercrime incidents involving spoofing get reported each year. A good place to start is the U.S. Federal Bureau of Investigation (FBI)’s Internet Crime Complaint Center (IC3) annual report. In 2020, the IC3 reported that:
28,218 of the 791,790 complaints the IC3 received related to spoofing
The losses associated with spoofing complaints totaled over $216 million
Spoofing was the sixth most costly type of cybercrime
The number of spoofing attacks rose 81% since 2018
The losses from spoofing have more than doubled since 2018
Note that the IC3’s definition of “spoofing” includes incidents involving spoofed phone numbers. But we already know that 96% of phishing attacks start with email. Now that you understand what email spoofing is, and how serious a threat it can be, it’s time to read our article on how to prevent email spoofing.
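To make the header walk-through above concrete, here is an added example (not code from the article or from Tessian): a small Python checker that reads a constructed copy of such a message and reports where the Received host disagrees with the Return-Path, From and Reply-To domains, and where SPF, DKIM and DMARC did not pass. The message text, host names and IP addresses are constructed, and the check assumes the receiving server records its results in a standard Authentication-Results header.

```python
# Added example, not from the Tessian article: turning the header walk-through
# into a check. All hosts, addresses and IPs below are constructed samples.
import re
import email
from email.utils import parseaddr

# Constructed spoofed message, modelled on the article's Mickey Mouse example:
# the "Received" header names the real sending host, while Return-Path, From
# and Reply-To all claim disney.com, and SPF/DKIM/DMARC all came back "none".
SPOOFED_RAW = """\
Received: from mail.cybercrime.org (mail.cybercrime.org [203.0.113.10])
\tby mx.example.net with ESMTP id abc123; Fri, 22 Jan 2021 10:00:00 +0000
Authentication-Results: mx.example.net; spf=none smtp.mailfrom=disney.com;
\tdkim=none; dmarc=none header.from=disney.com
Return-Path: <m.mouse@disney.com>
From: Mickey Mouse <m.mouse@disney.com>
Reply-To: Mickey Mouse <m.mouse@disney.com>
To: employee@example.net
Subject: Urgent invoice

Please pay the attached invoice today.
"""

# Constructed legitimate message for contrast: sent from the claimed domain
# and passing all three checks.
LEGIT_RAW = """\
Received: from mail.disney.com (mail.disney.com [198.51.100.7])
\tby mx.example.net with ESMTP id def456; Fri, 22 Jan 2021 10:05:00 +0000
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=disney.com;
\tdkim=pass header.d=disney.com; dmarc=pass header.from=disney.com
Return-Path: <m.mouse@disney.com>
From: Mickey Mouse <m.mouse@disney.com>
To: employee@example.net
Subject: Quarterly update

Attached as discussed.
"""

RECEIVED_FROM = re.compile(r"^\s*from\s+([A-Za-z0-9.-]+)", re.IGNORECASE)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)


def domain_of(header_value):
    """Domain part of an address header such as 'Name <user@host>' ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def registrable(host):
    """Crude registrable-domain approximation: the last two labels."""
    return ".".join(host.lower().split(".")[-2:])


def originating_host(msg):
    """Host named in the earliest (bottom-most) Received header."""
    received = msg.get_all("Received") or []
    if not received:
        return ""
    match = RECEIVED_FROM.match(received[-1])
    return match.group(1).lower() if match else ""


def auth_results(msg):
    """Map spf/dkim/dmarc to their result in Authentication-Results."""
    results = {}
    for value in msg.get_all("Authentication-Results") or []:
        for method, result in AUTH_RESULT.findall(value):
            results[method.lower()] = result.lower()
    return results


def analyze(raw):
    """Return a list of findings; an empty list means nothing looked spoofed."""
    msg = email.message_from_string(raw)
    findings = []
    origin = originating_host(msg)
    # The headers the recipient sees (From, Reply-To) and the envelope sender
    # recorded in Return-Path should line up with where the mail came from.
    for name in ("From", "Return-Path", "Reply-To"):
        claimed = domain_of(msg.get(name))
        if claimed and origin and registrable(claimed) != registrable(origin):
            findings.append(f"{name} claims {claimed} but received from {origin}")
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        result = auth.get(method, "missing")
        if result != "pass":
            findings.append(f"{method} result is {result}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_RAW), ("legit", LEGIT_RAW)):
        print(label, analyze(raw) or ["no findings"])
```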
Spear Phishing
How to Prevent and Avoid Falling for Email Spoofing Attacks
By Maddie Rosenthal
22 January 2021
Email spoofing is a common way for cybercriminals to launch phishing attacks — and just one successful phishing attack can devastate your business. That’s why every secure organization has a strategy for detecting and filtering out spoofed emails. Do you? This article will walk you through some of the best methods for preventing email spoofing. Want to learn more about email spoofing, how hackers do it, and how common these attacks are? Check out this article: What is Email Spoofing and How Does it Work? And, if you’re wondering how to prevent your email address or domain from being spoofed…the first step is to enable DMARC. But, even that isn’t enough. We explain why in this article: Why DMARC Isn’t Enough to Stop Impersonation Attacks.
Security awareness training
Email spoofing is a common tactic in social engineering attacks such as spear phishing, CEO fraud, and Business Email Compromise (BEC). Social engineering attacks exploit people’s trust to persuade them to click a phishing link, download a malicious file, or make a fraudulent payment. That means part of the solution lies in educating the people being targeted. It’s important to note that cyberattacks target employees at every level of a company — which means cybersecurity is everyone’s responsibility. Security awareness training can help employees recognize when such an attack is underway and understand how to respond. In this article – What Is Email Spoofing and How Does it Work? – we looked at how an email’s header can reveal that the sender address has been spoofed. Looking “under the hood” of an email’s header is a useful exercise to help employees understand how email spoofing works. You can see if the email failed authentication processes like SPF, DKIM, and DMARC, and check whether the “Received” and “From” headers point to different domains. But it’s not realistic to expect people to carefully inspect the header of every email they receive.
So what are some other giveaways that might suggest that an email spoofing scam is underway?
The email doesn’t look how you expect. The sender might be “paypal.com.” But does the email really look like PayPal’s other emails? Most sophisticated cybercriminals use the spoofed company’s branding — but some can make mistakes.
The email contains spelling and grammar errors. Again, these mistakes aren’t common among professional cybercriminals, but they still can occur.
The email uses an urgent tone. If the boss emails you, urgently requesting that you pay an invoice into an unrecognized account — take a moment. This could be CEO fraud.
You must get your whole team on board to defend against cybersecurity threats, and security awareness training can help you do this. However, Tessian research suggests that the effectiveness of security training is limited.
Email provider warnings
Your mail server is another line of defense against spoofing attacks. Email servers check whether incoming emails have failed authentication processes, such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). Many email providers will warn the user if an email has failed authentication. Here’s an example of such a warning from Protonmail:
As part of your company’s security awareness training, you can urge employees to pay close attention to these warnings and report them to your IT or cybersecurity team. However, it’s not safe to rely on your email provider. A 2018 Virginia Tech study looked at how 35 popular email providers handled email spoofing. The study found:
All except one of the email providers allowed fraudulent emails to reach users’ inboxes.
Only eight of the providers provided a warning about suspicious emails on their web apps.
Only four of the providers provided such a warning on their mobile apps.
Authentication protocols
As noted by the Virginia Tech study, email providers often allow fraudulent emails through their filters — even when they fail authentication. But, perhaps more importantly, whether a fraudulent email fails authentication in the first place is out of your hands. For example, SPF lets a domain owner list which email servers are authorized to send emails from its domain. And DMARC enables domain owners to specify whether recipient mail servers should reject, quarantine, or allow emails that have failed SPF authentication. So, for domain owners, setting up SPF, DKIM, and DMARC records is an essential step to prevent cybercriminals and spammers from sending spoofed emails using their domain name. But as the recipient, you can’t control whether the domain owner has properly set up its authentication records. You certainly don’t want your cybersecurity strategy to be dependent on the actions of other organizations.
Email security software
Effective email spoofing attacks are very persuasive. The email arrives from a seemingly valid address — and it might contain the same branding, tone, and content you’d expect from the supposed sender. This makes email spoofing attacks one of the hardest cybercrimes to detect manually. Humans aren’t good at spotting the subtle and technical indicators of a well-planned email spoofing attack.
Legacy solutions like Secure Email Gateways and native tools like spam filters aren’t either. The best approach to tackling spoofing — or any social engineering attack — is intelligent technology. Email security solutions powered by machine learning (ML) automate the process of detecting and flagging spoofed emails, making it easier, more consistent, and more effective. Here’s how Tessian Defender solves the problem of email spoofing:
Tessian’s machine learning algorithms analyze each employee’s email data. The software learns each employee’s email style and maps their trusted email relationships. It learns what “normal” looks like so it can spot suspicious email activity.
Tessian performs a deep inspection on inbound emails. By checking the sender’s IP address, email client, and other metadata, Tessian can detect indications of email spoofing and other threats.
If it suspects an email is malicious, Tessian alerts employees using easy-to-understand language.
Further reading:
⚡ Tessian Defender Data Sheet
⚡ Customer Stories
⚡ Report: To Prevent Spear Phishing Look for Impersonation
If you’d rather talk to someone about your specific challenges, you can talk to an expert at Tessian.
Spear Phishing Remote Working
CISA Warns of New Attacks Targeting Remote Workers
14 January 2021
tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of a string of successful phishing attacks exploiting weak cyber hygiene in remote work environments to access companies’ cloud services via employees’ corporate laptops and personal devices.*  According to the report, “the cyber actors designed emails that included a link to what appeared to be a secure message and also emails that looked like a legitimate file hosting service account login. After a targeted recipient provided their credentials, the threat actors then used the stolen credentials to gain Initial Access to the user’s cloud service account. … A variety of tactics and techniques—including phishing, brute force login attempts, and possibly a “pass-the-cookie” attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.” 
Once the hackers had access to an employee’s account, they were able to:
Send other phishing emails to contacts in the employee’s network.
Modify existing forwarding rules so that emails that would normally automatically be forwarded to personal accounts were instead forwarded directly to the hacker’s inbox.
Create new mailbox rules to have emails containing specific keywords (i.e. finance-related terms) forwarded to the hacker’s account.
This type of malicious activity targeting remote workers isn’t new. Henry Trevelyan Thomas, Tessian’s VP of Customer Success, has seen many instances this year. “The shift to remote work has resulted in people needing more flexibility, and personal accounts provide that—for example, access to home printers or working from a partner’s computer. Personal accounts are easier to compromise as they almost always have less security controls, are outside organizations’ secure environments, and your guard is down when logging on to your personal account. Attackers have realized this and are seeing it as a soft underbelly and entry point into a full corporate account takeover.”
Learn more about Account Takeover (ATO), and take a look at some real-life examples of phishing attacks we spotted last year.
CISA recommends the following steps for organizations to strengthen their cloud security practices:
Establish a baseline for normal network activity within your environment
Implement MFA for all users, without exception
Routinely review user-created email forwarding rules and alerts, or restrict forwarding
Have a mitigation plan or procedures in place; understand when, how, and why to reset passwords and to revoke session tokens
Consider a policy that does not allow employees to use personal devices for work. At a minimum, use a trusted mobile device management solution.
Consider restricting users from forwarding emails to accounts outside of your domain
Focus on awareness and training.
Make employees aware of the threats—such as phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
Establish blame-free employee reporting and ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.
For more practical advice on how to avoid falling for a phishing scam, download Tessian’s guide to Remote Work and Cybersecurity.
What Tessian’s Experts Say
*Note: the activity and information in this Analysis Report is not explicitly tied to any one threat actor or known to be specifically associated with the advanced persistent threat actor attributed with the compromise of SolarWinds Orion Platform software and other recent activity.
Spear Phishing
What is CEO Fraud? How to Identify CEO Email Attacks
14 January 2021
Typically, the attacker will target an employee at the target organization and trick them into transferring them money. A CEO fraud email will usually urgently request the employee to pay a supplier’s “invoice” using new account details. Cybercriminals use sophisticated techniques and meticulous research to make the attack as persuasive as possible.
Why do cybercriminals impersonate CEOs and other high-level executives? Two reasons:
Power: CEOs have the authority to instruct staff to make payments.
Status: Employees tend to do what CEOs ask. No-one wants to upset the boss.
CEO fraud vs. other types of cybercrime
There’s some confusion about CEO fraud and how it relates to other types of cybercrime. Let’s clear a few things up before looking at CEO fraud in more detail. CEO fraud is related to the following types of cybercrime:
Social engineering attack: Any cyberattack in which the attacker impersonates someone that their target is likely to trust.
Phishing: A social engineering attack conducted via email (there are other forms of phishing, such as “smishing” and “vishing” via SMS and phone).
Spear phishing: A phishing attack targeting a named individual.
Business Email Compromise (BEC): A phishing attack conducted via a hacked or spoofed corporate email account.
CEO fraud is not to be confused with “whaling”: a phishing attack where the cybercriminal targets — rather than impersonates — a CEO or other senior company employee. More on that in this article: Whaling: Examples and Prevention Strategies.
How do CEO fraud attacks work?
There are three main ways cybercriminals can compromise a CEO’s email account:
Hacking: Forcing entry into the CEO’s business email account and using it to send emails.
Spoofing: Sending an email from a forged email address and evading authentication techniques.
Impersonation: Using an email address that looks similar to a CEO’s email address.
A CEO fraud attack usually involves one of the following types of cybercrime:
Wire transfer phishing: The attacker asks the target to pay an invoice.
Gift certificate phishing: The attacker asks the target to buy them gift certificates.
Malicious payload: The email contains a malware attachment.
Like all social engineering attacks, CEO fraud attacks exploit people’s feelings of trust and urgency. When the CEO is “in a meeting” or “at a conference” and needs an urgent favor, employees don’t tend to second-guess them. Here’s how a CEO fraud email might look. Now, for the sake of the example, imagine your boss is Thomas Edison. Yes, that Thomas Edison.
There are a few things to note about this CEO fraud email:
Note the subject line, “Urgent request,” and the impending payment deadline. This sense of urgency is ubiquitous among CEO fraud emails.
The fraudster uses Thomas’s casual email tone and his trademark lightbulb emoji. Fraudsters can do a great impersonation of a CEO by scraping public data (plenty is available on social media!) or by hacking their email and observing their written style.
Cybercriminals do meticulous research. Thomas probably is in Florida. “Filament Co.” might be a genuine supplier and an invoice might even actually be due tomorrow.
There’s one more thing to note about the email above. Look at the display name — it’s “Thomas Edison”. But anyone can choose whatever email display name they want. Mobile email apps don’t show the full email address, leaving people vulnerable to crude “display name impersonation” attacks. That’s why it’s so important to examine the sender’s email address and make sure it matches the display name. Remember: on mobile, you’ll have to take an extra step to view the email address. But, it’s worth it. It’s important to note that the difference between the display name and email address won’t always be easy to spot. Why? Because fraudsters can create lookalike email addresses via “domain impersonation”. Let us explain. An email domain is the part of the email address after the “@” sign. A cybercriminal impersonating Bill Gates, for example, might purchase a domain such as “micros0ft.com” or “microsoft.co”. Likewise, using “freemail impersonation”, a more unsophisticated attacker might simply set up an email account with any free email provider using the CEO’s name (think “bill.gates@gmail.com”). We explain domain impersonation in more detail – including plenty of examples – in this blog: Inside Email Impersonation: Why Domain Name Spoofs Could be Your Biggest Risk.
How common is CEO fraud?
It’s undeniable that cybercrime is on the increase.
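As an added example (not from the article or from Tessian), the display-name, lookalike-domain and freemail patterns described above can be checked mechanically against a directory of known executives and the domain each legitimately sends from. The directory, domains and sample addresses below are constructed, and the confusable-character list covers only the common digit-for-letter swaps.

```python
# Added example, not from the Tessian article: classifying a From header against
# a directory of executives to catch the three impersonation patterns described
# above. The executive directory, domains and addresses are constructed.
from email.utils import parseaddr

# Constructed directory: display name -> domain the person legitimately sends from.
EXECUTIVES = {
    "bill gates": "microsoft.com",
    "thomas edison": "edison-co.example",
}
# Consumer mailbox providers the article calls "freemail".
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Digits commonly swapped for the letters they resemble (micros0ft -> microsoft).
CONFUSABLE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize_label(label):
    """Undo common character swaps so a lookalike compares equal to the real name."""
    return label.lower().translate(CONFUSABLE_DIGITS).replace("rn", "m").replace("vv", "w")


def split_domain(domain):
    """('microsoft', 'com') for microsoft.com; only the last two labels are used."""
    parts = domain.lower().split(".")
    return (parts[-2] if len(parts) >= 2 else parts[0]), parts[-1]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return one of: ok, unknown-sender, freemail-impersonation,
    lookalike-domain, display-name-impersonation."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    expected = EXECUTIVES.get(name.strip().lower())
    if expected is None:
        return "unknown-sender"           # display name is not a known executive
    if domain == expected:
        return "ok"                       # name and domain agree
    if domain in FREEMAIL:
        return "freemail-impersonation"   # e.g. bill.gates@gmail.com
    label, _tld = split_domain(domain)
    real_label, _real_tld = split_domain(expected)
    # Same name with a swapped character, a typo, or a different TLD (microsoft.co)
    if normalize_label(label) == real_label or edit_distance(label, real_label) <= 1:
        return "lookalike-domain"
    return "display-name-impersonation"   # familiar name on an unrelated domain


if __name__ == "__main__":
    for sample in (
        "Bill Gates <bill.gates@microsoft.com>",
        "Bill Gates <bill.gates@micros0ft.com>",
        "Bill Gates <bill.gates@microsoft.co>",
        "Bill Gates <bill.gates@gmail.com>",
        "Thomas Edison <accounts@cybercrime.example>",
    ):
        print(f"{sample:45} -> {classify_sender(sample)}")
```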
FBI statistics show that the total losses from cybercrime rose from $1.5 billion in 2016 to $4.3 billion in 2020. Business Email Compromise (BEC) has also “increased, grown in sophistication, and become more targeted” due to the COVID-19 pandemic, according to Interpol. But what about CEO fraud itself? CEO fraud once dominated the cybercrime landscape. However, there is some evidence that cybercriminals are moving away from CEO fraud and towards a broader range of more sophisticated social engineering attacks. The FBI’s Internet Crime Complaint Center (IC3) estimates the global losses associated with BEC at over $28 billion in the period from 2016-20 and cites a 61% increase in BEC incidents over the same period. But this figure doesn’t distinguish CEO fraud from other types of BEC. The IC3’s 2019 cybercrime report suggests while CEO fraud previously dominated BEC, cybercriminals now impersonate a broader range of actors, including vendors, lawyers, and payroll departments. These days, employees don’t only have to be wary of CEO fraud attacks. They also need to watch out for more advanced cybercrime techniques like Account Takeover (ATO), deepfakes, and ransomware. But CEO fraud is still a big deal. In December 2020, the Bank of Ireland warned of an increase in Brexit-related CEO fraud attacks. The bank’s staff were reportedly dealing with two to three CEO fraud attacks per week, with some attacks compromising millions of euros. Want to know how to protect yourself and your business from CEO fraud? Read our article: How to Prevent CEO Fraud Attacks.
Spear Phishing Customer Stories
How Tessian Is Preventing Advanced Impersonation Attacks in Manufacturing
By Maddie Rosenthal
12 January 2021
Company: SPG Dry Cooling
Industry: Manufacturing
Seats: 368
Solutions: Defender
About SPG Dry Cooling
SPG Cooling is an innovative, global leading manufacturer of air-cooled condensers that has been providing exceptional quality equipment to coal, oil, and gas industrial plants for over a century. They employ a global workforce and have over 1,000 customer references. We talked to Thierry Clerens, Global IT Manager at SPG Dry Cooling, to learn more about the problems Tessian helps solve and why he chose Tessian Defender over other solutions.
Problem: The most advanced threats can slip past other controls
Phishing is a big problem across all industries. But, because inbound email attacks are becoming more and more sophisticated and hackers continue using tactics like domain impersonation and email spoofing, Thierry knew he needed to implement a new solution that could stop the phishing emails that might slip past his O365 controls and trained employees. He cited one specific incident where a hacker impersonated a company in SPG Cooling’s supply chain and attempted to initiate a wire transfer. How? A tiny, difficult-to-spot change in the domain name. “They created a fake domain with exactly the same name as the real user. But the top-level domain .tr was missing at the end. So it was just .com. No user – not even IT! – is looking at the domain name that closely. They tried to get us to deliver money to another account,” Thierry explained. While the attack wasn’t successful (SPG Dry Cooling has strong policies and procedures in place to confirm the legitimacy of requests like this) he wanted to level-up his inbound email security and help users spot these advanced impersonation attacks. So, he invested in Tessian. Thierry explained why.
Tessian Defender analyzes up to 12 months of historical email data to learn what “normal” looks like. It then uses natural language processing, behavioral analysis, and communication analysis to determine if a particular email is suspicious or not in real-time. To learn more, read the data sheet.
Problem: You can’t train employees to spot all phishing attacks
Tessian also helps employees get better at spotting malicious emails with in-the-moment warnings (written in plain English) that reinforce training by explaining exactly why an email is being flagged. Here is an example:
This feature is especially important to Thierry, who values phishing awareness training but understands it has to be ongoing. “We like to empower our users and we like that, with Tessian, our users learn and become better and better and better. That’s what we’re trying to do at SPG Dry Cooling. We’re trying to train and educate our users as much as possible. We’re trying to be innovative in the ways that we get our users, our company, our members, everybody, to better themselves,” he said. In evaluating solutions, he wanted something that would protect his people, while also empowering them to make smarter security decisions. He found that in Tessian, explaining that “the most interesting feature for me is the user education. You have to train your users. You have to help them get better at spotting threats by helping them understand the threats. Tessian does that.”
Problem: It’s nearly impossible for IT teams to manually investigate all potential inbound threats
Before Tessian, Thierry and his team had to manually investigate all emails that employees flagged as suspicious. With limited time and resources – and given the fact that “some are really good and are even hard for IT people to find” – it was nearly impossible for them to keep up.
Thierry explained that Tessian extends the capabilities of his team. How?
It automatically detects and prevents threats
Domains can be added to the denylist in a single click, before they even land in employees’ mailboxes
Tessian dashboards make it easy for IT to see trends and create targeted security campaigns to help educate users.
Tessian was also easy to deploy. “As a part of our proof of concept, Tessian started ingesting historical data about employees’ IP addresses, what emails they normally send, who they normally communicate with. We saw how it was helping in just a few weeks. After that, we connected Tessian to Office 365. It took just 15 minutes,” he said.
Learn more about how Tessian prevents human error on email
Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships.
Tessian Guardian automatically detects and prevents misdirected emails
Tessian Enforcer automatically detects and prevents data exfiltration attempts
Tessian Defender automatically detects and prevents spear phishing attacks
Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however you work. Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.