Today, 95% of all cyber attacks launched on businesses start with a spear phishing email. What’s more, spear phishing attacks increased 250% last year as bad actors have discovered more and more ways to outwit email users (busy people) and defenses (legacy technology). The motivations behind attacks are straightforward: deploy malware or defraud the target of money or credentials. The tactics, however, vary greatly and are becoming increasingly more difficult to spot.
A variety of terms are used to describe inbound email attacks ranging from spoofing, phishing, spear phishing and whaling. While some people use the terms interchangeably, they are, in fact, different. Here’s a breakdown of the terminology:
Spear phishing isn’t difficult to pull off. Attackers don’t need capital, special equipment or a particularly advanced skillset. They just need to invest time into researching a target, which is easy with the proliferation of public profiles on platforms like LinkedIn.
Spear phishing is particularly effective because busy professionals are easy to trick on email. Today, the average worker spends nearly a third of their working week on email, sending and receiving around 124 emails every day. The pressure to be constantly connected and on-the-go means that employees are more likely to be distracted and make mistakes on email. A shift towards becoming a mobile workforce hasn’t helped the situation either. Verizon research has shown that people are significantly more susceptible to social attacks received on mobile devices; this is a result of mobile design and people’s tendency to multitask on mobile devices.
Businesses globally have lost $12.5bn over the past five years as a result of phishing scams. Advanced impersonation spear phishing has emerged as one of the most popular and successful attack methods being leveled at businesses – small and large – around the world. Rewards for attackers are high, and the damage to organizations can be catastrophic, resulting in wire payment fraud, file sharing, credential theft and eventual systems takeover.
Most organizations rely on Secure Email Gateways (SEGs) to keep inboxes safe. To identify and prevent inbound threats, SEGs commonly employ machine layer methods:
While SEGs can block malware and bulk phishing attacks, rule-based solutions cannot stop advanced impersonation attacks and are incapable of detecting external impersonation.
Tessian Defender detects all possible impersonation types, including the manipulation of internal and external contacts. Defender stops advanced threats that legacy systems miss.
Tessian Defender’s stateful machine learning retroactively analyses historical email data in order to understand the difference between safe and unsafe emails being received. By analyzing multiple data points within email headers, body text and attachment data, Defender can detect and prevent threats in real time with minimal end-user disruption.
To learn more about Tessian or book a demo of Tessian Defender, contact us here.