What is a misdirected email?
A misdirected email, also called a misaddressed email, is an email sent to the wrong recipient.
Misdirected emails are common — sending an email to the wrong person is an easy mistake. Who hasn’t done it? But they can also be disastrous, potentially damaging a company’s reputation, revealing its confidential data, and breaching its customers’ privacy.
If you’re looking for a solution versus an explanation of the problem, we’ve got you covered. Learn more about how Tessian Guardian prevents misdirected emails.
How common are misdirected emails?
That explains why misdirected emails are such a major problem. According to research, 58% of people have sent an email to the wrong person while at work, with 20% of recipients stating that this action has lost their company business — and 12% stating that it cost them their job.
And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. That’s more than two emails a day. It’s also the most common type of error to cause a breach, according to Verizon’s 2021 DBIR.
Indeed, year after year, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches. And the latest breach data from California also shows that email “misdelivery” was the most common type of data breach caused by human error.
Looking for some examples? Check out this article: 7 Data Breaches Caused by Misdirected Emails.
Why do misdirected emails keep happening?
So — why do we keep making this mistake? Well, the problem is partly down to burnout. Around 52% of people said they were more likely to make mistakes while tired — and 93% said they were tired at some point during the working week.
But there are some technical issues that lead to misdirected emails, too.
Email is “interoperable,” meaning that, for example, Gmail users can email Outlook users without issue. In fact, any two people can email each other, as long as they have internet access. So this communication method is highly flexible — but also open to sending errors.
Need to email your payroll data/passport photo/HR file to rob.bateman@companyA.com? Make sure you don’t accidentally type “rod.bateman@companyA.com”, or worse — “rob.bateman@companyB.com”.
The “To” field takes us back to a time before spellcheck began correcting our mistakes without us even noticing. One wrong letter can lead to a data breach.
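The near-miss described above can be checked for before a message leaves the mail client. The following is an added example, not Tessian's product logic or code from the original article; the function names and the list of known contacts are assumptions made for illustration. It flags a recipient that is not an established contact but is one edit away from one on the same domain, or has the same name on a different domain.

```python
from email.utils import parseaddr

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def split_addr(value: str):
    """Return (local, domain) in lower case, or None if value is not an address."""
    addr = parseaddr(value)[1].lower()
    local, sep, domain = addr.rpartition("@")
    return (local, domain) if sep and local and domain else None

def lookalike_warnings(recipients, known_contacts, max_distance=1):
    """Flag recipients that are not known contacts but closely resemble one."""
    known = {p for p in map(split_addr, known_contacts) if p}
    warnings = []
    for raw in recipients:
        parts = split_addr(raw)
        if parts is None:
            warnings.append((raw, None, "not a valid address"))
            continue
        if parts in known:
            continue  # exact match with an established correspondent
        local, domain = parts
        for k_local, k_domain in sorted(known):
            resembles = f"{k_local}@{k_domain}"
            if domain == k_domain and edit_distance(local, k_local) <= max_distance:
                warnings.append((raw, resembles, "similar name, same domain"))
            elif local == k_local and domain != k_domain:
                warnings.append((raw, resembles, "same name, different domain"))
    return warnings

# Constructed sample: one established contact and three outgoing recipients.
KNOWN = ["Rob Bateman <rob.bateman@companyA.com>"]
OUTGOING = ["rob.bateman@companyA.com", "rod.bateman@companyA.com",
            "rob.bateman@companyB.com"]

if __name__ == "__main__":
    for recipient, resembles, reason in lookalike_warnings(OUTGOING, KNOWN):
        print(f"CHECK {recipient}: {reason} as {resembles}")
```

A warning here is a prompt for the sender to confirm the recipient, not proof of an error: a colleague with a similar name on the same domain is flagged too.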
When you’re typing an email address into Gmail, Outlook, or any other popular email client, you may notice the “autocomplete” function trying to finish it off for you.
Autocomplete can be a very useful feature when you email the same person regularly. But it can also lead to misdirected emails. This happens when:
- You start typing in the “To” field.
- You see the autocomplete function completing the recipient’s name.
- You press “Tab” or “Enter” — without checking whether autocomplete has chosen the right recipient from your address book.
Productivity guru Cal Newport estimates that we send and receive around 126 email messages per day — so features like autocomplete save businesses significant amounts of time. But the impact of one misdirected email can undo these benefits.
Bcc (which stands for “blind carbon copy”) lets you hide recipients when sending an email.
There are a few benefits to using Bcc, but its most useful function is when emailing a large group of people. If you don’t want any of the recipients to know who else got the email, you can put them all in the Bcc field.
Mailing lists are covered by data protection laws, such as the EU General Data Protection Regulation (GDPR). In most cases, each recipient of an email has the right to keep their email address private from the other recipients.
That’s why accidentally using the “Cc” or “To” field instead of the “Bcc” field can constitute a data breach. Indeed, in January 2020, speaker company Sonos referred itself to the UK’s data regulator after an employee accidentally copied 450 recipients into the Cc field.
The dreaded “Reply All”
Here’s one almost all of us have done before — hitting “Reply All” on an email to multiple recipients when we only meant to email one person (e.g., the sender). In most cases, accidentally “replying to all” is little more than an embarrassment. But consider Maria Peterson, who, in 2018, accidentally replied to all of Utah’s 22,000 public sector employees.
Misattached files and misdirected emails aren’t the same thing — but misattached files (attaching the wrong file to an email) deserve a dishonorable mention in this article.
Around one in five emails contains an attachment, and Tessian research reveals some troubling data about this type of human error-based data breach:
- 48% of employees have emailed the wrong attachment
- 42% of misattached files contained company data or research
- 39% contained authentication data like passwords
- Misattached files caused the offending company legal issues in 31% of cases
We’ve looked at five types of misdirected email, and hopefully, you understand how serious a problem misdirected emails can be. To find out how to prevent — or recover from — misdirected emails, take a look at our article: You Sent an Email to the Wrong Person. Now What?