Customer Stories
Why Schroders Adopted Tessian 5 Years Ago, And How The Platform Has Evolved Since Then
By Maddie Rosenthal
Wednesday, March 24th, 2021
Company: Schroders
Industry: Financial Services
Seats: 6,500
Solutions: Guardian, Enforcer, Defender

About Schroders

As a global active asset manager, Schroders has over 200 years of experience in investment and innovation and remains committed to creating a better future by investing responsibly for their clients. Across five business areas – including Private Assets & Alternatives, Solutions, Mutual Funds, Institutional and Wealth Management – Schroders invests in a wide range of assets and geographies and is responsible for £574.4 billion (€641.7 billion/$785.1 billion) in client assets, managed locally by 42 investment teams worldwide. As a global business with over 5,500 talented staff across 35 locations, Schroders is able to stay close to their clients and understand their needs.

Schroders was an early adopter of Tessian, having first deployed the platform back in 2016. Since then, they’ve been using Tessian Guardian, Enforcer, and Defender for both inbound and outbound email security to help prevent accidental data loss, malicious data exfiltration, and inbound threats like spear phishing and Business Email Compromise (BEC). We talked to Rob Hyde, Chief Information Security Officer, and Mike Vieira, Perimeter and Cloud Security Capability Lead, to find out why Schroders initially chose Tessian, how the solution has evolved over the years, and how their security posture has improved as a result.

1. There is no “silver bullet” when it comes to email security

When we asked security leaders what threat vector they’re most concerned about protecting, nearly half said email. For Rob, this isn’t a surprise.

“All big financial firms recognize that email-based processes are prone to human error. But we can’t take email out of the equation. There’s training, but people of course make mistakes despite being advised not to. So, what can you do? You either stop using email, or you find a product like Tessian that removes some of the risk,” he explained.
As a part of their DLP strategy, Schroders uses Tessian Guardian to prevent employees from sending emails to the wrong person and from attaching the wrong files to emails; they use Tessian Enforcer to prevent employees from sharing sensitive information outside of the company network.

For Rob and Mike, Tessian Enforcer has been invaluable, especially once employees made the switch to remote working in early 2020. Mike explained, “Tessian Enforcer proved incredibly valuable after we made the shift to remote working. It allowed us to get a bird’s eye view of how employees were handling data and helped us understand what policies we needed to reinforce, what policies we needed to change altogether, and even gave us a better idea of what tools and technology would help our employees do their jobs more efficiently outside of the office”.

Importantly, though, when it comes to locking down email, there is no silver bullet. Training is necessary. Policies are essential. And rule-based DLP solutions have their place. So, what makes a solution really stand out? Its ability to complement and bolster other solutions, while also filling in the gaps. Tessian is that solution for Schroders.
2. Rule-based and legacy solutions are admin-intensive with a low ROI

While the static nature of rules has been a pain point for Schroders, it isn’t the only drawback of legacy DLP solutions. “Traditional DLP has a low return on investment, and it’s expensive to run. It does stop some malicious emails, but it’s very low volume,” Rob explained.

Tessian is different, though. “On the other end of the spectrum, you have Tessian. If you look at Guardian, for example, it’s stopping data loss every day. Now, misdirected emails aren’t malicious activity, but the consequences are no less severe and the ROI is clear and easy to calculate. All we have to do is look at the number of employees who were going to do something – like send an email to the wrong person, move sensitive data outside of the company – but didn’t because of the solution,” he said.
For Rob and Mike, the ROI of Tessian is compounded by the fact that it’s effortless for their team to maintain. Because it’s proactive in preventing data loss and detecting inbound threats, there’s virtually no intervention or investigation required. 
3. Security solutions should enable employees, not restrict them

As one of the most successful asset management companies in Europe, it’s incredibly important to Rob and Mike that cybersecurity doesn’t come at the cost of reduced productivity or employee disruption. “It’s a fine line. You want to give employees the freedom and flexibility to do their job. You don’t want to restrict too much, especially on email. But, equally, you have to help them understand their responsibility and the role they play in keeping the company secure,” Rob explained.

Tessian satisfies both needs. In-the-moment warnings are helpful, not annoying, and, because the platform is powered by machine learning, threats are detected with incredible accuracy; flag rates and false positives are much lower than other solutions, with just 1-2 emails flagged per employee, per month.
Better still, this supports Schroders’ ethos of trust and enables Rob to support the organization. He explained, saying that “we trust our employees. They want to do the right thing. But we have to support them. Tessian helps us do that. The warning messages are well-written and give our users a chance to make better, more informed decisions”.
Learn more about how Tessian prevents human error on email

Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships.
- Tessian Guardian automatically detects and prevents misdirected emails
- Tessian Enforcer automatically detects and prevents data exfiltration attempts
- Tessian Defender automatically detects and prevents spear phishing attacks

Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however you work.

Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
Spear Phishing
Everything You Need to Know About Tax Day Scams 2021
By Maddie Rosenthal
Tuesday, March 23rd, 2021
It’s that time of year again…Tax Day. But, making a payment to the IRS isn’t the only thing you need to be worried about. ‘Tis the season for tax day scams. These phishing attacks can take many different forms. In the US, these attacks will use the deadline (May 17, 2021 – extended from April 15, 2021) to file your income tax returns as bait. In the UK, these attacks will use your potential tax refund as bait.  But we’re here to help.  Here’s what you need to look out for and what to do in case you’re targeted by Tax Day scams. 
What do Tax Day scams look like?

As is the case with other phishing and spear phishing attacks, bad actors will be impersonating trusted brands and authorities and will be – in some way – motivating you to act.

Want to learn more about impersonation or get a better idea of what the average phishing attack looks like? Check out these articles:
- What is Phishing?
- Phishing 101
- What is Spear Phishing?
- The Difference Between Phishing and Spear Phishing
- What is Email Impersonation?

Please note: In this article, we’re exploring Tax Day scams on email. You may also receive phone calls or text messages from bad actors, claiming that you’re being investigated for tax fraud or have an overdue bill. They may also simply request more information from you, like your name and address, or bank account details. You shouldn’t give any of this information away over the phone. Government organizations will never call you or use recorded messages to demand payment.

Now, let’s take a closer look at how they do both (impersonate and motivate) through a series of examples.

Example 1: IRS Impersonation
What’s wrong with this email?
- The IRS has said they never contact taxpayers by email, so any correspondence “from” them is illegitimate
- There is an extra “r” in “internal” in the sender’s email address
- Email addresses from government agencies will always contain the top-level domain “.gov”
- There are spelling errors and inconsistencies in the text that you wouldn’t expect from a government agency

Example 2: Tax-Preparation Software Impersonation
What’s wrong with this email?
- While the sender’s email address does contain the company name (Fast Tax), the top-level domain name (.as) is unusual
- The sender is motivating the target to follow the embedded link by claiming their tax return is incomplete
- Upon hovering over the link, you’ll see the URL is suspicious

Please note, though: A suspicious URL can still take you to a landing page that appears legitimate. These are called malicious websites. Want to learn how to spot a malicious website? Check out this article.

Example 3: HMRC Impersonation
What’s wrong with this email?
- While the Display Name, email template, logos, and language used in the email seem consistent with HMRC, the sender’s email address contains the top-level domain “.net” instead of “”
- Upon hovering over the link, you’ll see the URL is suspicious

Example 4: Client Impersonation
What’s wrong with this email?
- Unfortunately, in this case, there are no obvious giveaways that this is a phishing scam. However, if Joe, the tax accountant in this scenario, knew he hadn’t met or interacted with a woman named Karen Belmont, that could be a warning sign
- Individuals and organizations should always be wary of attachments and should have anti-malware and/or virus protection in place

This example demonstrates the importance of having policies in place to verify clients beyond email. And remember, there’s nothing wrong with being extra cautious this time of year.

Example 5: CEO Impersonation
What’s wrong with this email?
- The sender’s email address ( is inconsistent with the recipient’s email address (
- The attacker is impersonating the CEO, hoping that the target will be less likely to question the request; this is a common social engineering tactic
- The attacker is using urgency both in the subject line and the email copy to motivate the target to act quickly
- Because this is a zero-payload attack (an attack that doesn’t rely on a link or attachment to carry malware), anti-malware or anti-virus software wouldn’t detect the scam

You can learn more about CEO impersonation (also called CEO fraud) in this article: What is CEO Fraud?

Who will be targeted by Tax Day scams?

From the examples above, you can see that cybercriminals will target a range of people with their Tax Day scams. Taxpayers, tax professionals, and businesses are all susceptible, and savvy hackers will use different tactics for each. Here’s what you should look out for.

Taxpayers
- Attackers will be impersonating trusted government agencies like the IRS and HMRC and third parties like tax professionals and tax software vendors
- Attackers will use coercive language and the threat of missed deadlines or promises of refunds to motivate their targets to act
- Many phishing emails contain a payload; this could be in the form of a malicious link or attachment

For more information on payloads, read this article: What is a Malicious Payload and How is it Delivered?

Tax Professionals
- Attackers will be impersonating either existing clients/customers or prospects. In either case, they’ll be pretending they need help with their tax return or tax refund
- Attackers will use the lure of new business or the threat of losing a customer to motivate their targets to act
- Many phishing emails contain a payload; this could be in the form of a malicious link or attachment
Businesses
- Attackers will be impersonating CEOs, HR representatives, Finance Directors, or other individuals or agencies who need access to sensitive tax information
- Attackers are strategic in their impersonations of people in positions of power; people are less likely to question their superiors

What do I do if I’m targeted by a Tax Day scam?

While it’s true that attackers use different tactics and capitalize on different moments in time to trick their targets, individuals and businesses should always follow the same guidelines if they think they’ve received a phishing email.
- First and foremost, always, always, always check the sender. Confirm that the domain is legitimate and that the Display Name matches the email address. Be wary of any emails that aren’t from a “.gov” address. If anything seems unusual, do not follow or click links or download attachments
- Check for spelling errors or formatting issues. Be scrupulous! If anything feels off, proceed cautiously. (See below.)
- If the email appears to come from an individual you know and trust, like a colleague, customer, or client, reach out to the individual directly by phone, text or a separate email thread
- If you’re an employee who’s been targeted, contact your line manager and/or IT team. Management should, in turn, warn the larger organization

The best way to avoid falling victim to one of these scams is to simply not provide any personal information until you verify with 100% certainty that you’re communicating with a genuine agency, organization, or agent. Visit the organization’s website via Google or your preferred search engine, find a support number, and ask them to confirm the request for information is valid.
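The three sender checks recommended above (domain legitimacy, Display Name versus address, and the government top-level domain) can be automated in a mail filter or a pre-read hint for users. The script below is an added example written for this article, not code from the original post or from Tessian: it parses a raw From: header and reports the same red flags the five examples rely on (a known name over a different address, a look-alike domain with an extra letter or missing hyphen, and an agency claim from a non-.gov domain). The trusted domains, the contact directory and the sample headers are constructed for illustration.

```python
"""Sender checks for tax-season mail: domain, Display Name and top-level domain.

Added example, not code from the original article or from Tessian. The trusted
domains, the contact directory and the sample From: headers are constructed.
"""
from __future__ import annotations

import difflib
import re
from email.utils import parseaddr

# Constructed: domains the organisation expects tax correspondence from,
# including its own domain.
TRUSTED_DOMAINS = {"irs.gov", "hmrc.gov.uk", "ourfirm.example"}

# Constructed: lower-cased display name -> the address that person really uses.
KNOWN_CONTACTS = {"jane ceo": "jane.ceo@ourfirm.example"}

# Words or phrases that signal the sender is claiming to be a tax agency.
AGENCY_MARKERS = ("irs", "hmrc", "internal revenue", "hm revenue")
GOVERNMENT_SUFFIXES = (".gov", ".gov.uk")


def analyse_sender(from_header: str) -> list[str]:
    """Return the red flags found in a raw From: header value (empty if none)."""
    display_name, address = parseaddr(from_header)
    if not address or "@" not in address:
        return ["From header could not be parsed"]
    address = address.lower()
    domain = address.rsplit("@", 1)[1]
    flags: list[str] = []

    # 1. Display-name impersonation: a known person's name over a different address.
    expected = KNOWN_CONTACTS.get(display_name.strip().lower())
    if expected and expected != address:
        flags.append(f"display name {display_name!r} belongs to {expected}, not {address}")

    # 2. Look-alike domain: close to a trusted domain (an extra letter, a missing
    #    hyphen) but not identical. difflib's ratio is 2*matches/total length.
    if domain not in TRUSTED_DOMAINS:
        close = difflib.get_close_matches(domain, TRUSTED_DOMAINS, n=1, cutoff=0.8)
        if close:
            flags.append(f"domain {domain} resembles trusted domain {close[0]}")

    # 3. Claims to be a tax agency but is not on a government top-level domain.
    text = f"{display_name} {domain}".lower()
    words = set(re.findall(r"[a-z]+", text))
    claims_agency = any(
        (marker in words) if " " not in marker else (marker in text)
        for marker in AGENCY_MARKERS
    )
    if claims_agency and not domain.endswith(GOVERNMENT_SUFFIXES):
        flags.append(f"claims to be a government agency but {domain} is not a .gov domain")
    return flags


if __name__ == "__main__":
    # Constructed samples modelled on the examples in the article.
    for header in (
        "Internal Revenue Service <refunds@irs-gov.net>",
        "Jane CEO <jane.ceo@ourfirrm.example>",
        "Jane CEO <jane.ceo@ourfirm.example>",
    ):
        print(header, "->", analyse_sender(header) or "no flags")
```

The look-alike threshold of 0.8 is a starting point: a domain that differs from a trusted one by a single character scores above 0.95, while unrelated domains that merely share a suffix stay well below it.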
More resources

As a security start-up, we’re committed to helping you stay safe. If you’re looking for more information on Tax Day scams, consult the following government websites.
- Advice from the IRS
- Advice from HMRC

Looking for more advice about scams? Sign up to our newsletter below to get articles just like this, straight to your inbox.
Threat Intel
How Easy is it To Phish?
By Charles Brook
Wednesday, March 17th, 2021
You might assume that to carry out a phishing campaign you’d need to be fairly tech savvy or have committed a lot of time to learning how to become a “hacker”. But this is not necessarily the case.

Part of the continued increase in both the volume and sophistication of phishing attacks is due to the availability of free-to-use, open-source social engineering tools. These tools are primarily intended for use by security professionals but are not exclusively available to them. With a little bit of Googling, these tools can be easily found and be put to use by anyone—not just experienced cybercriminals. Of course, it is easier if an individual already has a fairly technical background, but this is not a requirement.

This blog is for educational purposes only, intended to help security professionals protect themselves against these email threats by better understanding how they are created.

Creating a phishing campaign

All anyone needs to be able to create their own phishing campaign is:
- An anonymous or disposable email address
- A target
- The ability to follow instructions

One tool available that is commonly used by malicious and ethical hackers alike is the Social Engineering Toolkit, or SET for short. This is part of the default toolset that comes preinstalled on Kali, a Linux distribution built specifically for penetration testing and information security purposes. SET provides an intuitive command line interface, which provides step-by-step guidance for creating a social engineering scenario. This includes steps for phishing. With this tool a cybercriminal can easily create a phishing campaign on a mass scale against a list of email addresses they’ve sourced. Or they can create a more personalized and targeted spear phishing campaign. Depending on the type of attack a cybercriminal wants to perform, it can even include instructions on how to automatically clone a website login page to harvest credentials, or create a malicious file to infect targeted user machines.
SET is an extremely powerful tool in crafting social engineering attacks. It does require a cybercriminal to have a reasonable level of technical understanding though and, as stated at the start of this blog, not all cybercriminals need a deep technical background to create a phishing attack. Worryingly, there are a number of free open-source tools that provide wannabe attackers with simple guides to building and deploying phishing campaigns.

Gophish is an example of another free and open-source tool which provides a platform for crafting and deploying phishing campaigns, but with the added benefit of a friendly-looking graphical user interface. These tools tend to be used by security professionals for the purpose of testing and educating, but are available to anyone, which unfortunately includes people with bad intentions or motivations. That means bad actors could leverage them to potentially compromise an individual or organization.

Tools like these require only a small amount of research in order to find, and there is no shortage of tutorials available explaining how to operate them. They often have the functionality to clone existing web pages and create fake or look-alike landing pages, to help campaigns appear more convincing. Additionally, some even provide reporting functionality that allows you to visualize the “performance” of a campaign. For example, an attacker can view metrics on how many people were reached, how many clicked on a link, and how many credentials were captured or machines infected.
An even more basic method of phishing is display name impersonation, which does not require any special tools. All an attacker has to do is register a new email address and simply change the display name on the account to appear as someone else. This can be effective against recipients viewing emails on mobile devices, which typically only show the display name of a sender.

Phishing for Hire

A cybercriminal doesn’t have to carry out an attack on their own. Hacking for hire is available across some of the less reputable parts of the internet, like the dark web—the part of the internet only accessible by means of special software that will allow someone to remain anonymous and untraceable while browsing. This is an online area where illegal or black-market activity regularly takes place.

All you need to hire a hacker for a phishing campaign is:
- Ability to view the dark web via an anonymous browser
- Some cryptocurrency

Accessing and browsing the dark web is also not as difficult as many might think. The Tor Project offers the most commonly used browser that will allow individuals to browse the internet anonymously and access the dark web. From this browser, you can start searching using the default search engine provided to look for pages that will offer links to dark web marketplaces. Some of these links are even referenced by articles or research pieces that are indexed by major search engines, making them easier to find. With enough browsing you will find more and more “hidden wiki” pages that will provide many more links that help navigate the dark web. There is a reasonable element of risk that comes with browsing the dark web. Plenty of scams and fake services exist, which even an experienced cybercriminal could fall victim to. But, if careful and persistent enough, it isn’t too difficult for an individual to find someone who could build and deploy a phishing campaign for them.
These will be pages maintained by cybercriminals, outlining their services for hire, the specific techniques they offer, and their pricing structure. There are even reviews of hacking-for-hire services available, so that users can find the ones that will be the most reliable!
The cost of hiring a hacker? It can vary depending on who is hired and the specific service required, but services that might need social engineering could start from as little as $200 – $300 in cryptocurrency.

An example of a phishing attack detected by Tessian

Phishing attacks can take many forms. Here is one example of a phishing email that was flagged by Tessian Defender:
In this example, an attacker is attempting to convince the recipient that they are a new HR Manager from an outsourced firm (a third-party vendor).

The key indicators that identify this as a phishing email are:
- It contains hyperlinked text concealing a link to a malicious website. Upon hovering, the suspicious URL is revealed.
- The sender plays on human kindness by pretending to be a new starter looking for help.
- A sense of urgency is used to encourage the recipient to act fast or something bad might happen.
- There are some minor grammatical errors, which are common amongst phishing emails.
- The email domain is not often seen across networks defended by Tessian. This is an additional flag made possible from insight generated by the Tessian Defender platform.

This type of phishing email could have been easily constructed, distributed and tracked by a cybercriminal using an open-source social engineering tool. Tessian Defender was able to identify the anomalous signals in this email and nudge the recipient into exercising caution.

Looking for more examples of phishing attacks flagged by Tessian Defender? Check out this article.

Conclusions

The main conclusion to be drawn here is that it really isn’t very difficult for anyone to launch a phishing attack as long as they have the time and the will to do so. Some methods may require a little more technical ability or effort to research than others, and some may be riskier. But the availability of advanced and intuitive social engineering tools makes phishing very accessible and simple to do.

This is likely to be a factor in why the volumes of phishing attacks are so high and why there are new campaigns appearing all the time. It’s the newer and more targeted spear phishing campaigns that present the greatest threat to individuals and organizations, as they are more difficult to spot. The newer a phishing campaign is, the less likely it is to be flagged by conventional spam filters or rule-based detection platforms.
If the campaign is highly targeted, then it will likely have been tailored to have the best chance of bypassing legacy controls and deceiving the target. The social engineering tools described in this post make it much easier for someone to customize and tailor a phishing campaign against a specific target demographic.

What can you do to protect yourself?

Most spam filters or rule-based email protection platforms are capable of detecting and mitigating the majority of known or recurring phishing campaigns. But this only applies to known campaigns, and the detection platforms are only as good as their latest release, which is why it is important to keep your software up to date.

One way to reduce your risk of compromise if you do ever fall for a phishing attack aimed at credential harvesting is to make sure all your major online accounts have two-factor or multi-factor authentication enabled. This makes it more difficult for an attacker, as they would also need the authentication token required to log in with your credentials.

It is also best practice to avoid using the same password repeatedly across different accounts. A common technique used by attackers with a list of stolen account credentials is to attempt to log in with them across multiple online services on the off chance any of the same email address and password combinations may have been used. This technique is referred to as credential stuffing.

Organizations can also make sure it is difficult for cybercriminals to spoof their domains by publishing and maintaining their DMARC authentication protocol records. They can also go a step further by adding canarytokens to their webpages so it’s easier to spot when cybercriminals are cloning their website for use in phishing campaigns. But, even DMARC isn’t enough to stop targeted impersonation attacks. Learn why.
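"Publishing and maintaining" a DMARC record is only useful if the record actually enforces a policy; a record with p=none, a partial pct= or no reporting address still lets the domain be spoofed without anyone noticing. The checker below is an added example written for this post, not Tessian's code: it parses the tag=value form of a DMARC TXT record and lists the weaknesses a defender should fix. The record strings are constructed; in practice the record is the TXT entry at _dmarc.<your-domain>, fetched with a DNS query.

```python
"""Check a DMARC record for settings that still leave the domain spoofable.

Added example, not code from the original post or from Tessian. The record
strings are constructed; a real check fetches the TXT record at
_dmarc.<domain> over DNS and passes it to assess_dmarc().
"""
from __future__ import annotations


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a tag -> value mapping."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:  # skip empty fragments such as a trailing ';'
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str | None) -> list[str]:
    """Return findings for a published record; an empty list means it enforces."""
    if record is None:
        return ["no DMARC record published: receivers apply no policy to spoofed mail"]
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["record does not declare v=DMARC1 and will be ignored"]

    findings: list[str] = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required p= tag; the record is invalid")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"unrecognised policy p={policy}")

    # pct defaults to 100; anything lower leaves a share of failing mail untreated.
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")

    # Without rua= you never receive the aggregate reports that reveal spoofing.
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")

    # sp= overrides p= for subdomains; sp=none reopens them for spoofing.
    if tags.get("sp") == "none" and policy in ("quarantine", "reject"):
        findings.append("sp=none leaves subdomains unprotected")
    return findings


if __name__ == "__main__":
    for rec in (
        "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",  # constructed
        "v=DMARC1; p=none",                                   # constructed
        None,
    ):
        print(rec, "->", assess_dmarc(rec) or ["enforcing"])
```

Run it against the records of your own domains and subdomains; the common progression is to start at p=none to collect reports, then move to quarantine and finally reject once legitimate senders are all aligned.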
Targeted spear phishing can be much harder to detect with automated tools. This is why it is important to be vigilant if you receive a suspicious looking email appearing to originate from someone you trust. If the content of the email or the behavior surrounding it feels abnormal in any way, then this can be a strong indicator that something is not right. You can find some specific examples of red flags to look out for in this article: What Does a Spear Phishing Email Look Like?

Tessian Defender aims to identify this sort of anomalous behavior to help keep you protected from attackers who may try to socially engineer you into letting your guard down so they may achieve their malicious goals.

You might have assumed that phishing requires a lot of skill and technical knowledge, but you’d be mistaken. Anyone can be phished by anyone.
Human Layer Security, DLP, Data Exfiltration
11 Examples of Data Breaches Caused By Misdirected Emails
Wednesday, March 17th, 2021
While phishing, ransomware, and brute force attacks tend to make headlines, misdirected emails (emails sent to the wrong person) are actually a much bigger problem. In fact, in organizations with 1,000 employees, at least 800 emails are sent to the wrong person every year. That’s two a day. You can find more insights in The Psychology of Human Error and The State of Data Loss Prevention 2020.

Are you surprised? Most people are. That’s why we’ve rounded up this list of 11 real-world (recent) examples of data breaches caused by misdirected emails. And, if you skip down to the bottom, you’ll see how you can prevent misdirected emails (and breaches!) in your organization.

If you’re looking for a bit more background, check out these two articles:
- What is a Misdirected Email?
- Consequences of Sending an Email to the Wrong Person

11 examples of data breaches caused by misdirected emails

1. University support service mass emails sensitive student information

University and college wellbeing services deal with sensitive personal information, including details of the health, beliefs, and disabilities of students and their families. Most privacy laws impose stricter obligations on organizations handling such sensitive personal information—and there are harsher penalties for losing control of such data.

So imagine how awful the Wellbeing Adviser at the University of Liverpool must have felt when they emailed an entire school’s worth of undergraduates with details about a student’s recent wellbeing appointment. The email revealed that the student had visited the Adviser earlier that day, that he had been experiencing ongoing personal difficulties, and that the Adviser had advised the student to attend therapy. A follow-up email urged all the recipients to delete the message “immediately” and appeared to blame the student for providing the wrong email address.
One recipient of the email reportedly said: “How much harder are people going to find it actually going to get help when something so personal could wind up in the inbox of a few hundred people?”

2. Trump White House emails Ukraine ‘talking points’ to Democrats

Remember in 2019, when then-President Donald Trump faced accusations of pressuring Ukraine into investigating corruption allegations against now-President Joe Biden? Once this story hit the press, the White House wrote an email—intended for Trump’s political allies—setting out some “talking points” to be used when answering questions about the incident (including blaming the “Deep State media”). Unfortunately for the White House, they sent the email directly to political opponents in the Democratic Party.

White House staff then attempted to “recall” the email. If you’ve ever tried recalling an email, you’ll notice that it doesn’t normally work. Recalling an email only works if the recipient is on the same Exchange server as you—and only if they haven’t read the email. Looking for information on this? Check out this article: You Sent an Email to the Wrong Person. Now What?

Unsurprisingly, this was not the case for the Democrats who received the White House email, who subsequently leaked it on Twitter.

“I would like to thank @WhiteHouse for sending me their talking points on how best to spin the disastrous Trump/Zelensky call in Trump’s favor. However, I will not be using their spin and will instead stick with the truth. But thanks though.” — US Rep Brendan Boyle (@RepBrendanBoyle) September 25, 2019

3. Australia’s Department of Foreign Affairs and Trade leaked 1,000 citizens’ email addresses

On September 30, 2020, Australia’s Department of Foreign Affairs and Trade (DFAT) announced that the personal details of over 1,000 citizens were exposed after an employee failed to use BCC.
So, who were the citizens? Australians who have been stuck in other countries since inbound flights have been limited (even rationed) since the outbreak of COVID-19. The plan was to increase entry quotas and start an emergency loans scheme for those in dire need. Those who had their email addresses exposed were among the potential recipients of the loan. Immediately after the email was sent, employees at DFAT tried to recall the email, and even requested that recipients delete the email from their IT system and “refrain from any further forwarding of the email to protect the privacy of the individuals concerned.”

4. Serco exposes contact tracers’ data in email error

In May 2020, an employee at Serco, a business services and outsourcing company, accidentally cc’d instead of bcc’ing almost 300 email addresses. Harmless, right? Unfortunately not. The email addresses – which are considered personal data – belonged to newly recruited COVID-19 contact tracers. While a Serco spokesperson has apologized and announced that they would review and update their processes, the incident nonetheless has put confidentiality at risk and could leave the firm under investigation with the ICO.

5. Sonos accidentally exposes the email addresses of hundreds of customers in email blunder

In January 2020, 450+ email addresses were exposed after they were (similar to the example above) cc’d rather than bcc’d. Here’s what happened: A Sonos employee was replying to customers’ complaints. Instead of putting all the addresses in BCC, they were CC’d, meaning that every customer who received the email could see the personal email addresses of everyone else on the list. The incident was reported to the ICO and is subject to potential fines.
6. Gender identity clinic leaks patient email addresses

In September 2019, a gender identity clinic in London exposed the details of close to 2,000 people on its email list after an employee cc’d recipients instead of bcc’ing them. Two separate emails were sent, with about 900 people cc’d on each. While email addresses on their own are considered personal information, it’s important to bear in mind the nature of the clinic. As one patient pointed out, “It could out someone, especially as this place treats people who are transgender.”

The incident was reported to the ICO, who is currently assessing the information provided. But, a similar incident may offer a glimpse of what’s to come. In 2016, the email addresses of 800 patients who attended HIV clinics were leaked because they were – again – cc’d instead of bcc’d. An NHS Trust was fined £180,000. Bear in mind, this fine was issued before the introduction of GDPR.

7. University mistakenly emails 430 acceptance letters, blames “human error”

In January 2019, The University of South Florida St. Petersburg sent nearly 700 acceptance emails to applicants. The problem? Only 250 of those students had actually been accepted. The other 400+ hadn’t. While this isn’t considered a breach (because no personal data was exposed) it does go to show that fat fingering an email can have a number of consequences. In this case, the university’s reputation was damaged, hundreds of students were left confused and disappointed, and the employees responsible for the mistake likely suffered red-faced embarrassment on top of other, more formal ramifications. The investigation and remediation of the incident also will have taken up plenty of time and resources.

8. Union watchdog accidentally leaked secret emails from confidential whistleblower

In January 2019, an official at Australia’s Registered Organisations Commission (ROC) accidentally leaked confidential information, including the identity of a whistleblower. How?
The employee entered an incorrect character when sending an email. It was then forwarded to someone with the same last name – but a different first initial – as the intended recipient. The next day, the ROC notified the whistleblower whose identity was compromised and disclosed the mistake to the Office of the Australian Information Commissioner as a potential privacy breach.

9. Major Health System Accidentally Shares Patient Information Due to Third-Party Software for the Second Time This Year

In May 2018, Dignity Health – a major health system headquartered in San Francisco that operates 39 hospitals and 400 care centers around the west coast – reported a breach that affected 55,947 patients to the U.S. Department of Health and Human Services. So, how did it happen? Dignity says the problem originated from a sorting error in an email list that had been formatted by one of its vendors. The error resulted in Dignity sending emails to the wrong patients, with the wrong names. Because Dignity is a health system, these emails also often contained the patient’s doctor’s name. That means PII and protected health information (PHI) were exposed.

10. Inquiry reveals the identity of child sexual abuse victims

This 2017 email blunder earned an organization a £200,000 ($278,552) fine from the ICO. The penalty would have been even higher if the GDPR had been in force at the time. When you look at the detail of this incident, it’s easy to see why the ICO wanted to impose a more severe fine. The Independent Inquiry into Child Sexual Abuse (IICSA) sent a Bcc email to 90 recipients, all of whom were involved in a public hearing about child abuse. Sending a Bcc means none of the recipients can see each other’s details. But the sender then sent a follow-up email to correct an error—using the “To” field by mistake.
The organization made things even worse by sending three follow-up emails asking recipients to delete the original message—one of which generated 39 subsequent “Reply all” emails in response. The error revealed the email addresses of all 90 recipients and 54 people’s full names. But is simply revealing someone’s name that big of a deal? Actually, a person’s name can be very sensitive data—depending on the context. In this case, IICSA’s error revealed that each of these 54 people might have been victims of child sexual abuse.

11. Boris Johnson’s dad’s email blunder nearly causes diplomatic incident

Many of us know what it’s like to be embarrassed by our dad. Remember when he interrogated your first love interest? Or that moment your friends overheard him singing in the shower? Or when he accidentally emailed confidential information about the Chinese ambassador to the BBC? OK, maybe not that last one. That happened to the father of U.K. Prime Minister Boris Johnson in February 2020. Johnson’s dad, Stanley Johnson, was emailing British officials following a meeting with Chinese ambassador Liu Xiaoming. He wrote that Liu was “concerned” about a lack of contact from the Prime Minister to the Chinese state regarding the coronavirus outbreak. The Prime Minister’s dad inexplicably copied the BBC into his email, providing some lucky journalists with a free scoop about the state of U.K.-China relations. It appears the incident didn’t cause any big diplomatic issues—but we can imagine how much worse it could have been if Johnson had revealed more sensitive details of the meeting.
Prevent misdirected emails (and breaches) with Tessian Guardian

Regardless of your region or industry, protecting customer, client, and company information is essential. But, to err is human. So how do you prevent misdirected emails? With machine learning. Tessian turns an organization’s email data into its best defense against human error on email. Our Human Layer Security technology understands human behavior and relationships and automatically detects and prevents emails from being sent to the wrong person. Yep, this includes typos, accidental “reply alls” and cc’ing instead of bcc’ing. Tessian Guardian can also detect when you’ve attached the wrong file. Interested in learning more about how Tessian can help prevent accidental data loss and data exfiltration in your organization? You can read some of our customer stories here or book a demo.
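The incidents above share two mechanical failure modes: a list of external addresses placed in To or CC instead of BCC (Serco, Sonos, the gender identity clinic, IICSA), and a single wrong character that routes a message to a different person with a similar address (the ROC whistleblower case). The following Python pre-send check is an added example, not code from this page or from Tessian Guardian; it catches both patterns with a contact graph and an edit-distance comparison. The organisation's domain, the known-contacts set and the visible-recipient threshold are constructed assumptions, and a real deployment would derive the contact graph from the sender's own mail history.

```python
"""Pre-send misdirection check (added example, not Tessian Guardian's code).

Flags (1) many external recipients visible in To/CC instead of BCC and
(2) external recipients one edit away from a known contact (a typo'd
address) or at a domain one edit away from a known partner domain.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumption: the sending organisation's own domain.
OUR_DOMAIN = "example-org.com"

# Constructed contact graph: addresses this mailbox has corresponded with before.
# A real tool would build this from the sender's mail history.
KNOWN_RECIPIENTS = {
    "a.smith@partner-firm.com",
    "j.smith@partner-firm.com",
    "legal@partner-firm.com",
    "accounts@client-bank.com",
}


@dataclass
class Draft:
    """The recipient fields of an outbound message."""
    to: list[str]
    cc: list[str] = field(default_factory=list)
    bcc: list[str] = field(default_factory=list)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1]


def is_external(addr: str) -> bool:
    return domain_of(addr) != OUR_DOMAIN


def misdirection_warnings(draft: Draft, visible_external_limit: int = 10) -> list[str]:
    """Return human-readable warnings for the draft; an empty list means send as-is."""
    warnings: list[str] = []
    visible = [a.lower() for a in draft.to + draft.cc]
    hidden = [a.lower() for a in draft.bcc]

    # 1. A mailing list in To/CC exposes every address to every recipient.
    external_visible = [a for a in visible if is_external(a)]
    if len(external_visible) > visible_external_limit:
        warnings.append(
            f"{len(external_visible)} external addresses visible in To/CC; move them to BCC")

    # 2. Typo detection against the contact graph (sorted for deterministic output).
    known = sorted(KNOWN_RECIPIENTS)
    known_domains = sorted({domain_of(k) for k in known})
    for addr in visible + hidden:
        if addr in KNOWN_RECIPIENTS or not is_external(addr):
            continue
        # The ROC case: same address shape, one character different.
        near_addr = [k for k in known if levenshtein(addr, k) == 1]
        if near_addr:
            warnings.append(f"{addr} is one character away from known contact {near_addr[0]}")
            continue
        domain = domain_of(addr)
        if domain in known_domains:
            continue  # a new person at an organisation we already write to
        near_dom = [d for d in known_domains if levenshtein(domain, d) == 1]
        if near_dom:
            warnings.append(f"{addr}: domain {domain} looks like a typo of {near_dom[0]}")
        else:
            warnings.append(f"{addr} is a new external recipient; confirm before sending")
    return warnings


if __name__ == "__main__":
    # Constructed draft reproducing the "wrong first initial" pattern.
    for w in misdirection_warnings(Draft(to=["b.smith@partner-firm.com"])):
        print("WARNING:", w)
```

The edit-distance threshold of one deliberately stays tight: a distance of two or more between two full addresses is more often a genuinely different contact than a typo, and a noisy pre-send prompt is one users learn to click through.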
Spear Phishing
How to Prevent Email Impersonation | What You Can Do Now
Tuesday, March 16th, 2021
Email impersonation is a key method cybercriminals use to conduct phishing attacks. That’s because this technique is simple, accessible, and can evade many conventional security defenses. By switching out characters in an email address, using false display names, or securing top-level domains in the name of legitimate businesses, cybercriminals can impersonate your employees, vendors, or business partners — and they can do so pretty convincingly. Looking for more background on what exactly email impersonation is? We explore the definition and different types of email impersonation in this article: What is Email Impersonation? Everything You Need to Know. This article will guide you through how to recognize and combat email impersonation attacks.
We also have guidance on defending against related cybercrimes such as email spoofing, Business Email Compromise, and CEO fraud.

Employee security awareness training

Security leaders understand how important it is to involve the whole team in a company’s cybersecurity strategy. That’s why every security-conscious organization has an employee training program that helps staff to recognize signs of a phishing attack. But, it’s important your security awareness training is tailored, engaging, and consistently reinforced. Want more tips? Check out this article: The 7 Deadly Sins of Security Awareness Training. And – regardless of how tailored and engaging your training is – security awareness training can’t be your only defense against social engineering — many of the more sophisticated attacks just aren’t detectable by humans. Nonetheless, a security awareness program can help your team spot the more obvious signs of danger and understand the importance of cybersecurity.

Signs of email impersonation

Your employees should be able to realize when something suspicious is occurring. Email impersonation can be tricky to spot, but it usually is detectable — if you’re paying attention. So what are the signs to look out for that indicate email impersonation? Let’s take a look at some of the different ways a cybercriminal could impersonate Elon Musk, CEO of Tesla, whose email (we’ll imagine) is [email protected]:
As you can see, cybercriminals have several options for impersonating an email address. Employees should look out for signs such as:

Replacement characters (1 = l, a = 4, o = 0, etc.)
Obscure or unexpected top-level domains
Suspicious subdomains
Incorrect domains associated with the username
Display names that don’t correspond with the supposed sender

We look at these email impersonation techniques in more detail in our article What Is Email Impersonation?

Signs of a phishing attack

Beyond recognizing the signs of email impersonation, employees must be aware of the more general signs of a phishing attack, which include:

A sense of urgency: Social engineering attacks depend on exploiting the target’s emotions. A phishing email will normally use a very urgent tone.
Incorrect branding: Some phishing emails attempt to imitate a company’s logos or branding. Although this is relatively easy, amateur cybercriminals can get it wrong.
Poor spelling or grammar: Spelling and grammar errors are normally a sign of a phishing email, particularly if the fraudster is imitating an established business.

Bear in mind that most sophisticated phishing emails don’t contain any of these giveaways. And you can’t always expect your employees to notice when they’re under threat. We share five real-world examples of phishing attacks in this blog, which could help you educate your employees about what to look out for.

Deploy email security software

As we’ve seen, email impersonation can be challenging for humans to spot. That’s why deploying an intelligent inbound email security solution is key to preventing email impersonation. As your team switches to remote work, security software is more important than ever. Microsoft research shows that 80% of security professionals saw an increase in security incidents since employees started working from home.
But traditional security solutions like Secure Email Gateways (SEGs) and spam filters can’t protect your employees against many email impersonation attacks. Tessian Defender uses machine learning, anomaly detection, behavioral analysis, and natural language processing to detect even the most subtle signs of email impersonation and phishing. Here’s how Tessian Defender works:

Tessian’s machine learning algorithms analyze your company’s email data. The software learns each employee’s usual communication patterns and maps their trusted email relationships — both inside and outside your organization.
Tessian inspects both the content and metadata of inbound emails for any signals suggestive of email impersonation or other phishing attacks, such as suspicious payloads, geographic locations, IP addresses, email clients, or sending patterns.
Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language.

Click here to learn more about how Tessian Defender protects your team from email impersonation and other cybersecurity attacks. You can also explore our customer stories to see how they’re using Tessian Defender to protect their people on email and prevent social engineering attacks like phishing. Not ready to learn more about the solution? That’s okay! Sign up for our newsletter below instead. You’ll be the first to know about new research and events and get helpful checklists and how-to guides straight to your inbox.
Spear Phishing
What is Email Impersonation? Everything You Need to Know
Tuesday, March 16th, 2021
Email impersonation might not be the most sophisticated phishing method, but it’s simple, it’s widespread, and it can be devastating. Keep reading to learn more.

Email impersonation vs. email spoofing vs. account takeover

First, we need to describe “email impersonation” and distinguish it from some closely related concepts.

Email impersonation: The attacker sets up an email address that looks like a legitimate email address (e.g. [email protected]).
Email spoofing: A technical process where the attacker modifies an email’s headers so the receiving email client displays a false email address (the sender’s email address is “[email protected],” but the recipient sees “[email protected]” in their inbox).
Account takeover: The attacker gains access to another person’s account (using hacking or stolen credentials) and uses it to send phishing emails.

Email spoofing and account takeover require some technical ability (or, at least, access to the dark web). With email impersonation, though, the attacker just needs to secure a domain that looks like it could belong to a legitimate business. This is easy (and cheap!) with domain registrars like GoDaddy. We explore different types of impersonation techniques below.

Phishing methods that use email impersonation

Cybercriminals can use email impersonation to facilitate any type of email-based phishing attack. There are some types of phishing in which email impersonation is particularly common, including:

Business Email Compromise (BEC) — Impersonating a business
CEO fraud — Impersonating a company executive and targeting one of their employees
Whaling — Targeting a company executive

These are all among the more sophisticated and targeted types of phishing attacks. These types of attacks must employ email impersonation, email spoofing, or account takeover to be successful.

Types of email impersonation

Now we’ll look at the various ways a cybercriminal can impersonate an email address.
To understand these, you’ll need to know about the different parts of an email address:
Each of these elements of an email address is relevant to a different type of email impersonation.

Root domain-based email impersonation

A company’s root domain is usually the most distinctive part of its email address. It’s the part immediately before the top-level domain (e.g. “.com”) — the “Amazon” in “[email protected]”. Root domain impersonation involves creating a root domain using replacement characters, so it looks like an email has arrived from a legitimate company. Here’s an example:
In this root domain impersonation, the attacker has replaced the “l” in “external” and “supplier” with a “1”. At first glance, the recipient might not notice this, and they might treat the email as though it has come from “External Supplier.”

Top-level domain-based email impersonation

The top-level domain is the part after the root domain: e.g., “.com”, “.jp”, or “.net”. The top-level domain usually denotes a country or a type of organization. For example:

.com — Commercial organizations
.uk — Internet country code for the UK
.gov — US government agency

Sometimes, a second-level domain accompanies a top-level domain:

— Commercial organization from the UK
— Higher education institution from Japan
— Organization from Warsaw, Poland

Using top-level domain impersonation, a cybercriminal can create an authentic-looking email address that the recipient might assume belongs to a legitimate organization (if they even notice it). Here’s an example:
Here we have “” imitating “”. The top-level domain “.io” is actually registered to British Indian Ocean Territory (BIOT), but Google recognizes it as “generic” because many non-BIOT organizations use it.

Subdomain-based email impersonation

A subdomain appears after the “@” sign, but before the root domain. For example, in “[email protected]”, the subdomain is “mail”. Most email addresses don’t have a subdomain. An attacker can use subdomains to impersonate a legitimate company in two main ways:

Using a company’s name as a subdomain to the attacker’s domain. For example, in “[email protected]”, “amazon” is the subdomain and “mailerinfo” is the domain.
Splitting a company’s name across a subdomain and domain.

Here’s an example of the second type of subdomain impersonation:
Display name impersonation

A display name is how an email client shows a sender’s name. You can choose your display name when you sign up for an email account. We explore display name impersonation in more detail in this article: How to Impersonate a Display Name. Display name impersonation exploits a bad habit of mobile email clients. On mobile, common email clients like Outlook and Gmail only display a sender’s display name by default. They don’t display the sender’s email address. So, even an email address like “[email protected]” might show as “Amazon Customer Services” in your mobile email client — if that’s the display name that the attacker selected when setting up the account. But this isn’t a mobile-only problem. According to new research, just 54% of employees even look at the email address of a sender before responding or actioning a request. This is good news for attackers, and bad news for businesses. You can learn more about employees’ habits – and hackers’ tactics – in this report: How to Hack a Human.

Username impersonation

The username is the part of the email address that appears before the “@” symbol. For example, in “[email protected]”, the username is “bill.gates”. Username impersonation is the least sophisticated form of email impersonation, but it can still work on an unsuspecting target. This technique is sometimes called “freemail impersonation,” because scammers can register false usernames with Gmail or Yahoo. With this technique, they can create accounts that look like they could belong to your CEO, CFO, or another trusted person in your network. Here’s an example:
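Bringing the five techniques above together (root domain, top-level domain, subdomain, display name and username impersonation), and the "signs to look out for" list from the companion article on preventing impersonation, here is a Python sender check that a mail-filtering or awareness team could use to label an inbound From: header with the pattern it matches. It is an added example, not code from this page or from Tessian Defender. The trusted domains, executive names, freemail providers and replacement-character table are constructed assumptions; a real tool would learn trusted relationships from the organisation's own mail history and would use the Public Suffix List rather than the "last label is the TLD" simplification used here.

```python
"""Inbound sender check for the email impersonation patterns described above.

Added example, not Tessian Defender's logic. The trusted domains, executive
names and freemail providers are constructed assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed: domains this organisation genuinely corresponds with.
TRUSTED_DOMAINS = {"externalsupplier.com", "amazon.com", "example-corp.com"}
# Constructed: people whose names an attacker would most want to borrow.
EXECUTIVE_NAMES = {"elon musk", "bill gates"}
# Providers where anyone can register any free username.
FREEMAIL_PROVIDERS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Replacement characters from the sign list (1 = l, 4 = a, 0 = o, ...).
HOMOGLYPHS = str.maketrans({"1": "l", "4": "a", "0": "o", "3": "e", "5": "s", "7": "t"})

# 'Display Name <user@host>', '"Display Name" <user@host>' or a bare address.
FROM_RE = re.compile(r'\s*(?:"?([^"<]*?)"?\s*<([^>]+)>|([^<>\s]+))\s*')


@dataclass
class SenderParts:
    display_name: str
    username: str   # before the '@'
    subdomain: str  # labels between '@' and the root domain ("" if none)
    root: str       # e.g. "amazon"
    tld: str        # e.g. "com"

    @property
    def domain(self) -> str:
        return f"{self.root}.{self.tld}"


def parse_sender(header: str) -> SenderParts:
    """Split a From: header into display name, username, subdomain, root and TLD."""
    m = FROM_RE.fullmatch(header)
    if not m:
        raise ValueError(f"unparseable From header: {header!r}")
    display = (m.group(1) or "").strip()
    address = (m.group(2) or m.group(3)).strip().lower()
    username, _, host = address.partition("@")
    labels = host.split(".")
    if len(labels) < 2:
        raise ValueError(f"no top-level domain in {address!r}")
    # Simplification: last label is the TLD, the one before it the root. Production
    # code should consult the Public Suffix List so that co.uk / ac.jp are handled.
    return SenderParts(display, username, ".".join(labels[:-2]), labels[-2], labels[-1])


def normalise(label: str) -> str:
    """Undo look-alike digit substitutions ('externa1supp1ier' -> 'externalsupplier')."""
    return label.translate(HOMOGLYPHS)


def impersonation_signals(header: str) -> list[str]:
    """Return the impersonation patterns a sender header shows (empty = none found)."""
    p = parse_sender(header)
    signals: list[str] = []
    if p.domain in TRUSTED_DOMAINS:
        return signals  # genuine partner domain: nothing to flag at this layer
    trusted_roots = {d.rsplit(".", 1)[0] for d in TRUSTED_DOMAINS}

    # Root-domain impersonation: replacement characters inside the root.
    if normalise(p.root) != p.root and normalise(p.root) in trusted_roots:
        signals.append("root domain: replacement characters")
    # Top-level-domain impersonation: a trusted root under a TLD we never see it on.
    elif p.root in trusted_roots:
        signals.append("top-level domain: trusted root under an unexpected TLD")

    # Subdomain impersonation: brand as a subdomain, or brand split across labels.
    if p.subdomain:
        sub_labels = p.subdomain.split(".")
        if any(label in trusted_roots for label in sub_labels):
            signals.append("subdomain: trusted brand used as a subdomain")
        elif "".join(sub_labels) + p.root in trusted_roots:
            signals.append("subdomain: brand split across subdomain and domain")

    # Display-name impersonation: the name claims a brand the address does not carry.
    name = p.display_name.lower()
    if name and any(root in re.sub(r"\s+", "", name) for root in trusted_roots):
        signals.append("display name: claims a trusted brand")

    # Username ("freemail") impersonation: an executive's name on a public provider.
    squashed_user = re.sub(r"[._\-]", "", p.username)
    exec_squashed = {n.replace(" ", "") for n in EXECUTIVE_NAMES}
    if p.domain in FREEMAIL_PROVIDERS and (name in EXECUTIVE_NAMES or squashed_user in exec_squashed):
        signals.append("username: executive name on a freemail provider")
    return signals


if __name__ == "__main__":
    # Constructed headers, one per pattern; none of these addresses is real.
    for hdr in ["External Supplier <invoices@externa1supp1ier.com>",
                "billing@amazon.io",
                "Amazon Customer Services <support@amazon.mailerinfo.com>",
                "Elon Musk <elon.musk.tesla@gmail.com>"]:
        print(f"{hdr!r}: {impersonation_signals(hdr) or 'no signals'}")
```

Each signal on its own is only a hint (a legitimate vendor can sit under a subdomain, and a real executive can write from a personal Gmail), which is why the function returns every matching pattern rather than a verdict; the calling filter decides how to weight them, and a mismatch between display name and address is the one most users never see on a phone.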
More resources on email impersonation

Now you know the basic techniques behind email impersonation, read our articles on preventing email impersonation, CEO fraud, and Business Email Compromise to find out how to protect your business from these cyberattacks. You can also learn how Tessian detects and prevents advanced impersonation attacks by reading our customer stories or booking a demo. Not quite ready for that? Sign up for our newsletter below instead. You’ll be the first to know about new research and events and get helpful checklists and how-to guides straight to your inbox.
Spear Phishing
What is Whaling? Whaling Email Attacks Explained
Friday, March 12th, 2021
Let’s jump straight into it…
Wondering why cybercriminals often target the boss, rather than someone lower down the chain of command? The answer is simple: Senior staff members have the greatest power, access, and influence in a company. This article will look at how whaling works, and how it fits into the broader cybercrime landscape. Then we’ll take a look at some real examples of whaling attacks.

How whaling works

First, it’s important to understand that whaling is a type of phishing attack. And, broadly speaking, there are two types of phishing attacks. Phishing “in bulk” is like using a trawl net. Cast your net wide — by sending as many phishing emails as you can — and you’re likely to catch quite a few unfortunate minnows. With spear phishing, you aim your spear — or email — at a specific fish (er, person). Targets are carefully chosen, and emails are carefully crafted with the specific target in mind. Be patient, be smart, and you might catch something valuable. So what about whaling? Well, whaling is a type of spear phishing. Whales — or company executives — are the biggest fish in the sea: They’re hard to catch, but if you manage to harpoon one, you could make a lot of money. Scroll down the page for examples of whaling, and you’ll see what we mean. Okay — whales are mammals, not fish… but you get our point. A company executive is the ultimate prize for cybercriminals. The boss can access information and resources that no other employee can reach.

Why target company executives?

Ultimately, a CEO or CFO is just as likely to fall victim to a social engineering attack as any other employee. In fact, they’re arguably even more likely to do so. A whaling attack email usually asks the target to make a high-pressure decision. Here’s an example of the type of email a company executive might receive as part of a whaling attack:
If the boss is busy, stressed, or overworked (and hopefully they’re busy, at least), they’re more vulnerable to these types of cyberattacks. Tessian research suggests that more than half of employees felt they were more likely to make mistakes at work when they were stressed. Furthermore, higher-level employees have greater access to money and data: the two things cybercriminals want most.

Whaling vs. other types of cyberattack

How does whaling fit into the cybercrime landscape? There are many types of cybercrime. Some are interrelated; others frequently get conflated. As we mentioned, whaling is a type of spear phishing: a phishing attack targeted at a specific individual — in this case, a company executive. Here are some types of cyberattacks that can involve whaling, if they specifically target a company executive:

Business Email Compromise (BEC): A phishing attack that uses a compromised corporate email address.
Wire transfer phishing: A phishing attack involving invoice fraud.
Credential phishing: A phishing attack aiming to steal login credentials.
Smishing: Phishing via SMS.
Vishing: Phishing via voice (e.g., via phone or VoIP software).

In other words, a whaling attack can also be a wire transfer phishing attack, for example — if the attacker aims to persuade the target to transfer money into a bank account they control. Whaling sometimes gets conflated with another important type of cybercrime: CEO fraud. Here’s the difference: In a CEO fraud attack, the attacker impersonates a company executive and targets someone less senior. In a whaling attack, the company executive is the target. Of course, there can be some crossover between these two phishing techniques, too — where a cybercriminal impersonates one company executive and targets another. This occurred in 2017, in a scam that resulted in a $17 million loss for commodities trading company Scoular.
Examples of whaling

Here are some examples of businesses that fell victim to whaling attacks, to give you an idea of how damaging this type of cybercrime can be.

Hedge fund co-founder targeted via Zoom

In November 2020, the co-founder of Australian hedge fund Levitas Capital followed a fake Zoom link that installed malware on its network. The attackers attempted to steal $8.7 million using fraudulent invoices. In the event, they only got away with $800,000. But the reputational damage was enough to lose Levitas its biggest client, forcing the hedge fund to close.

Aerospace firm fires CEO after $58 million whaling loss

The CEO of Austrian aerospace company FACC was fired for his part in a whaling attack that cost the company around $58 million in 2016. A statement from the company said the CEO, Walter Stephen, had “severely violated his duties” by allowing the attack to occur.

Small business owner loses $50,000

Whaling doesn’t just mean big companies losing millions of dollars — small businesses are affected, too. In an interview with NPR, “Mark,” the owner of a small real-estate firm, discussed how he fell victim to a targeted account takeover attack. In this sophisticated cyberattack, a hacker interrupted Mark’s email conversation with his partner, seizing the opportunity to divert a bank transfer for $50,000.

How to Prevent Whaling

Now you understand the dangers of whaling, you might be wondering how you can avoid falling for whaling attacks or – better yet – prevent whaling attacks from landing in your inbox in the first place. Your best bet? In addition to security awareness training, intelligent email security software. To learn more about how Tessian solves the problem, check out our customer stories or book a demo. Or, if you’d rather learn more about whaling and be the first to hear about the latest attacks, sign up for our newsletter. (Just fill in the short form below.)
Human Layer Security
Email is the #1 Threat Vector. Here’s Why.
Thursday, March 11th, 2021
Billions of people use email every day — it’s the backbone of online collaboration, administration, and customer service. But businesses lose billions to email-based cyberattacks every year. Workers use email to exfiltrate sensitive company data. And simple human errors, like sending an email to the wrong person, can be highly problematic. The bottom line: for all its benefits, email communication is risky and, according to research, it’s the threat vector security leaders are most concerned about protecting. This article will look at the main threats associated with using email — and consider what you can do to mitigate them.

The scope of the problem

Before we look at some of the risks of email communication, let’s consider the scope of the problem. After all, around 4 billion people worldwide use email regularly. 2020 estimates showed that people send and receive around 306.4 billion emails per day — up 4% from 2019. The Digital Marketing Association suggests that 90% of people check their email at least once per day. Adobe data shows that email is the preferred contact method for marketing communications — by a long shot. So, with alternative platforms like Slack and Teams rising in popularity, why does email remain the world’s main artery of communication? Email is platform-independent, simple, and accessible. No company would consider cutting email out of its communication channels. But for every “pro” involved in using email, there’s a “con.” If you’re relying on email communication, you need to mitigate the risks.

Security risks involved in using email

A major risk of email communication is security. Because it’s so flexible and easy to use, email carries a unique set of security risks.

Phishing attacks

Phishing is a type of online “social engineering” attack. The attacker impersonates somebody that their target is likely to trust and manipulates them into providing sensitive information, transferring money, or revealing login credentials.
Around 90% of phishing occurs via email. Here are the main types:

Spear phishing: The attacker targets a specific individual (instead of sending bulk phishing emails indiscriminately).
Whaling: The attacker targets a CEO or other executive-level employee.
Business Email Compromise (BEC): A phishing attack in which the attacker appears to be using a legitimate corporate email address.
CEO fraud: The attacker impersonates a company’s CEO and targets a junior employee.
Wire transfer phishing: The attacker persuades a company employee to transfer money to a fraudulent bank account.
Credential phishing: The attacker steals login details, such as usernames or passwords.

While today, most people are attuned to the problem of phishing, the problem is only getting worse. Don’t believe us? Check out these 50+ must-know phishing statistics. That means phishing protection is an essential part of using email. Looking for more information on inbound email protection? Click here.

Insider threats

As well as inbound email threats, like phishing, you must also consider the threats that can arise from inside your business. Tessian survey data suggests that 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving their job. The most competitive industries — like tech, management consultancy, and finance — see the highest rates of this phenomenon. Email is a quick and convenient way to send large amounts of data to external contacts — and can be a pipeline for disgruntled or corrupt employees to siphon off company assets.
If you want to learn more about insider threats, including real-world examples, check out these articles:

What is an Insider Threat? Insider Threat Types and Real-World Examples
Insider Threat Statistics You Should Know
Insider Threat Indicators: 11 Ways to Recognize an Insider Threat

Remote working

Phishing is a booming criminal industry — and there’s evidence that the new patterns of remote working are making phishing more common than ever. Tessian research shows that 65% of US and UK employees received a phishing email when working remotely in 2020 due to the COVID-19 pandemic, and 82% of IT leaders think their company is at greater risk of phishing attacks when employees are working from home. If your company operates a hybrid or remote working model, email security is even more crucial.

Human error on email

Innocent mistakes can be just as harmful as cyberattacks. In fact, 88% of data breaches are caused by human error.

Misdirected emails

Research shows that most people have sent at least one email to the wrong person, with nearly one-fifth admitting to sending an email to someone outside of their organization. Our platform data also shows that there are, on average, 800 misdirected emails per year in companies with more than 1,000 employees. That’s two a day. Sending an email to the wrong recipient is so common, you might not think it’s a big deal. But data from the UK’s Information Commissioner’s Office (ICO) consistently shows that misdirected emails are the number one cause of reportable data breaches. Misspelling, autocorrect, reply-all — these are all reasons you might send an email to the wrong recipient. It’s a serious risk of email communication — but you can prevent it.

Misattached files

Along with misdirected emails, “misattached files” are a major cause of data loss. New data shows some very worrying trends related to people sending emails with incorrect attachments.
First, here’s what’s inside the documents people are sending in error:

42% contained company research or data
39% contained security information, such as login credentials
38% contained financial information and client information
36% contained employee data

The survey also shows that – as a result of sending misattached files – one-third lost a customer or client — and 31% faced legal action.

Email communication: how to mitigate the risks

The risks we’ve described all depend on human vulnerabilities. Cyberattackers prey on people’s trust and deference to authority — and anyone can make a mistake when sending an email. That’s why email security is a must. Looking for help choosing a solution? We’ve put together this handy guide: 9 Questions That Will Help You Choose the Right Email Security Solution. If you want more tips, how-to guides, and checklists related to email security specifically and cybersecurity more broadly, sign up for our newsletter!

While you’re here…

Tessian software mitigates all types of risks associated with email communication:

Tessian Defender: Automatically prevents spear phishing, account takeover, business email compromise, and other targeted email attacks.
Tessian Enforcer: Automatically prevents data exfiltration over email.
Tessian Guardian: Automatically prevents accidental data loss caused by misdirected emails and misattached files.
5 Cybersecurity Stats You Didn’t Know (But Should)
By Maddie Rosenthal
Monday, March 8th, 2021
When it comes to cybersecurity – specifically careers in cybersecurity – there are a few things (most) people know. There’s a skills gap, with 3.12 million unfilled positions. There’s also a gender gap, with a workforce that’s almost twice as likely to be male. But, we have good news. We surveyed 200 women working in cybersecurity and 1,000 recent grads (18-25 years old) for our latest research report, Opportunity in Cybersecurity Report 2021, and the skills and gender gaps both seem to be closing, while women working in the field are happier than ever, despite a tumultuous year. Here are five cybersecurity stats you didn’t know (but should). P.S. There are even more stats in the full report, and plenty of first-hand insights from women currently working in the field and recent grads considering a career in cybersecurity.
1. 94% of cybersecurity teams hired in 2020

As we all know, COVID-19 has had a profound impact on unemployment rates. But, as the global job market has contracted, cybersecurity appears to have expanded. According to our research, a whopping 94% of cybersecurity teams hired in 2020. Better still, this hiring trend isn’t isolated; it’s consistent across industries, from Healthcare to Finance. Want to know which industries were the most likely to hire in 2020? Download the full report.

2. Nearly half of women say COVID-19 POSITIVELY affected their career
This is one figure that we’re especially proud to report: 49% of women say COVID-19 positively affected their career in cybersecurity. In the midst of a global recession, this is truly incredible. Is it increased investment in IT that’s driving this contentment? The flexibility of working from home? An overwhelming sense of job security? We asked female cybersecurity professionals, and they answered. See what they had to say.

3. 76% of 18-25 year olds say cybersecurity is “interesting”

Last year, we asked women working in cybersecurity why others might not consider a job in the field. 42% said it’s because the industry isn’t considered “cool” or “exciting”. We went directly to the source and asked recent grads (18-25 years old), and our data tells a different story. 76% of them said that cybersecurity is interesting. This is encouraging, especially since…

4. ⅓ of recent grads would consider a job in cybersecurity

While we don’t have any data to compare and contrast this number to, we feel confident saying that interest in the field is growing. Perhaps fueled by the fact that it is – actually – interesting? 31% of recent grads say they would consider a job in cybersecurity. But men are almost twice as likely as women to float the idea. Want to know why? We pulled together dozens of open-ended responses from our survey respondents. Click here to see what they said.

5. There’s $43.1 billion up for grabs…
Today, the total value of the cybersecurity industry in the US is $107.7 billion. But, if the gender gap were closed, and the number of women working in the field equaled the number of men, the total value would jump to $138.1 billion. And, if women and men earned equal salaries, it’d increase even more.  The total (potential) value of the industry? $150.8 billion.
What is a Misdirected Email?
Friday, March 5th, 2021
Misdirected emails are common — sending an email to the wrong person is an easy mistake. Who hasn’t done it? But they can also be disastrous, potentially damaging a company’s reputation, revealing its confidential data, and breaching its customers’ privacy. If you’re looking for a solution versus an explanation of the problem, we’ve got you covered. Learn more about how Tessian Guardian prevents misdirected emails.

How common are misdirected emails?

Many of us have been using email daily for our entire working lives. In fact, around 4 billion people use email regularly, sending around 306.4 billion emails every day. That explains why misdirected emails are such a major problem. According to research, 58% of people have sent an email to the wrong person while at work, with 20% of recipients stating that this action has lost their company business — and 12% stating that it cost them their job. And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. That’s more than two emails a day. Indeed, year after year, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches. And the latest breach data from California also shows that email “misdelivery” was the most common type of data breach caused by human error. Looking for some examples? Check out this article: 7 Data Breaches Caused by Misdirected Emails.

Why do misdirected emails keep happening?

So — why do we keep making this mistake? Well, the problem is partly down to burnout. Around 52% of people say they were more likely to make mistakes while tired — and 93% said they were tired at some point during the working week. But there are some technical issues that lead to misdirected emails, too.

Spelling mistakes

Email is “interoperable,” meaning that, for example, Gmail users can email Outlook users without issue. In fact, any two people can email each other, as long as they have internet access. So this communication method is highly flexible — but also open to sending errors. Need to email your payroll data/passport photo/HR file to [email protected]? Make sure you don’t accidentally type “[email protected]”, or worse — “[email protected]”. The “To” field takes us back to a time before spellcheck began correcting our mistakes without us even noticing. One wrong letter can lead to a data breach.

Autocomplete

When you’re typing an email address into Gmail, Outlook, or any other popular email client, you may notice the “autocomplete” function trying to finish it off for you. Autocomplete can be a very useful feature when you email the same person regularly. But autocomplete can also lead to misdirected emails. Autocomplete can lead to misdirected emails when:
You start typing in the “To” field.
You see the autocomplete function completing the recipient’s name.
You press “Tab” or “Enter” — without checking whether autocomplete has chosen the right recipient from your address book.

Productivity guru Cal Newport estimates that we send and receive around 126 email messages per day — so features like autocomplete save businesses significant amounts of time. But the impact of one misdirected email can undo these benefits.

Bcc error

Bcc (which stands for “blind carbon copy”) lets you hide recipients when sending an email. There are a few benefits to using Bcc, but its most useful function is when emailing a large group of people. If you don’t want any of the recipients to know who else got the email, you can put them all in the Bcc field. Mailing lists are covered by data protection laws, such as the EU General Data Protection Regulation (GDPR). In most cases, each recipient of an email has the right to keep their email address private from the other recipients. That’s why accidentally using the “Cc” or “To” field instead of the “Bcc” field can constitute a data breach. Indeed, in January 2020, speaker company Sonos referred itself to the UK’s data regulator after an employee accidentally copied 450 recipients into the Cc field.

The dreaded “Reply All”

Here’s one almost all of us have done before — hitting “Reply All” on an email to multiple recipients when we only meant to email one person (e.g., the sender). In most cases, accidentally “replying to all” is little more than an embarrassment. But consider Maria Peterson, who, in 2018, accidentally replied to all of Utah’s 22,000 public sector employees.

Misattached files

Misattached files and misdirected emails aren’t the same thing — but misattached files (attaching the wrong file to an email) deserve a dishonorable mention in this article. Around one in five emails contains an attachment, and Tessian research reveals some troubling data about this type of human error-based data breach:
48% of employees have emailed the wrong attachment
42% of misattached files contained company data or research
39% contained authentication data like passwords
Misattached files caused the offending company legal issues in 31% of cases

Looking for a solution? We have one.

Next steps

We’ve looked at five types of misdirected email, and hopefully, you understand how serious a problem misdirected emails can be. To find out how to prevent — or recover from — misdirected emails, take a look at our article: You Sent an Email to the Wrong Person. Now What?
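The three technical causes described above (a recipient domain that is one letter off, a Cc or To field that should have been Bcc, and a Reply All that fans out to a large list) can be checked in a mail client before a message leaves. The following is an added example, not Tessian Guardian's code; the sender domain example.com, the known-domain list and the recipient-count threshold are constructed assumptions.

```python
# Added example: pre-send checks for the misdirected-email causes discussed above.
# Not Tessian Guardian's code. Domains, threshold and addresses are constructed assumptions.

OWN_DOMAIN = "example.com"                                             # assumed sender domain
KNOWN_DOMAINS = {"example.com", "partner-bank.com", "lawfirm.co.uk"}   # constructed contact book
VISIBLE_RECIPIENT_THRESHOLD = 20                                       # assumed warning threshold


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 is the 'one wrong letter' typo described in the article."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute (free when equal)
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip().lower()


def lookalike_domains(recipients):
    """Warn for recipient domains that are exactly one edit away from a known domain."""
    warnings = []
    for addr in recipients:
        dom = domain_of(addr)
        if dom in KNOWN_DOMAINS:
            continue                                   # exact match: nothing to flag
        near = [k for k in KNOWN_DOMAINS if edit_distance(dom, k) == 1]
        if near:
            warnings.append(f"{addr}: domain looks like a typo of {near[0]}")
    return warnings


def check_outbound(to, cc, bcc, reply_all=False):
    """Return warnings for an outbound message; an empty list means nothing was raised."""
    warnings = lookalike_domains(list(to) + list(cc) + list(bcc))
    # Bcc error: many external addresses exposed to one another in To/Cc.
    visible_external = [a for a in list(to) + list(cc) if domain_of(a) != OWN_DOMAIN]
    if len(visible_external) >= VISIBLE_RECIPIENT_THRESHOLD:
        warnings.append(f"{len(visible_external)} external addresses visible in To/Cc; move them to Bcc")
    # Reply All to a large distribution.
    if reply_all and len(list(to) + list(cc)) >= VISIBLE_RECIPIENT_THRESHOLD:
        warnings.append("Reply All reaches a large distribution; confirm everyone should receive this")
    return warnings


if __name__ == "__main__":
    print(check_outbound(["bob@examp1e.com"], [], []))
    print(check_outbound([f"user{i}@client{i}.org" for i in range(25)], [], [], reply_all=True))
```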
Spear Phishing
5 Real-World Examples of Phishing Attacks
By Maddie Rosenthal
Thursday, March 4th, 2021
75% of organizations experienced some kind of phishing attack in 2020. Of those attacks, almost all (96%) arrived via email. So, what does a phishing attack look like? We’ve rounded up 5 REAL examples of phishing attacks, all detected (and prevented) by Tessian Defender. See those alerts at the top of each email? These are Defender’s in-the-moment warnings that explain exactly why the email has been flagged as suspicious.

If you’re looking for more information about phishing, check out these resources:
What is Phishing?
What is Spear Phishing?
Must-Know Phishing Statistics: Updated 2021
Phishing vs. Spear Phishing
What Does a Spear Phishing Email Look Like?

Phishing Example 1: The attacker is encouraging the target to sign an “updated employee handbook”
Let’s break down this phishing attack. In this example, the attacker is pretending to be an HR employee. But, the sender’s email address <[REDACTED]> does not match the domain of the target. In the email, the attacker is claiming that the target needs to sign a new employee handbook, and provides a link, which leads to an online Word document. 
This document prompts the target to click on another link, which leads the user to a fake O365 login page. The goal: To gain access to the target’s login credentials. This is called credential phishing. The attacker is using social engineering tactics to motivate the user to act now. For example, noting that “20% of employees have already accepted” and “we are all required to review and sign an acknowledgement of the handbook upon receipt of this email”. COVID-19 is also used as a pretext for sending the handbook in the first place, which gives legitimacy to their request. Bad actors used COVID-19 as a means to dupe targets a lot throughout 2020, and continue to do so in 2021. Check out these blogs for more information:
COVID-19: Real-World Examples of Opportunistic Phishing Attacks
How Hackers Are Exploiting the COVID-19 Vaccine Rollout

Phishing Example 2: The email is a spoof of an MS Teams notification
Let’s break down this phishing attack. In this example, the attacker is leveraging a fake notification from a trusted platform – Microsoft Teams – instead of impersonating a trusted person/team. The goal? Credential theft. If the user clicks on the “Reply in Teams” button, they’ll be led to a fake login page. If they enter their details, their account will be compromised. And, if the employee uses the same password for multiple accounts (which 85% of employees do), the bad actor could have access to multiple systems.
Note: Instead of seeing “xxxxxx”, the target would see their email address. Not only does this increase the legitimacy of the webpage and make the user feel like they’ve logged in before, it also reduces the friction for the user to move on to the next step, which will be entering their password. If you actually did use Microsoft Teams at work, you’d have no reason to believe this is suspicious or malicious. The email looks like the real deal and was likely templated from a genuine notification. The email itself is a domain spoof, and spoofs the target’s own email address. This is particularly clever because – well – it’s not implausible that Microsoft Teams would actually send emails “from” the user’s own email address. You can learn more about email spoofing here:
What is Email Spoofing?
How Does Email Spoofing Work?

Phishing Example 3: The attacker is pretending to be a new starter
Let’s break down this phishing attack. In this example, the attacker is pretending to be a new starter at the target’s company’s outsourced HR management firm. This is an especially effective social engineering tactic that preys on human kindness. Who doesn’t want to help out a newbie?  The language in the email is also quite informal and friendly; this will make the target feel comfortable and lower their guard.  At face value, the email address <[email protected][REDACTED].com> isn’t suspicious. But, it may raise red flags for the target if he or she hasn’t heard from anyone with that domain before. But only 54% of employees say they look at the sender’s email address before responding to an email or actioning a request.  The attacker is trying to encourage the target to click on a link to preview a PDF urgently – “in the next two hours”. Tessian Defender has also flagged that this is a bitly link. Bad actors often use these shortened URLs to make it more difficult for the target to know what website they’ll be taken to if they do click.  Of course, the link doesn’t lead to a PDF. It leads to a malicious website. If the target were to click the download button, malware would likely be deployed.
Phishing Example 4: The email claims to be verifying account activity on GoDaddy
Let’s break down this phishing attack. In this example, the attacker is impersonating GoDaddy – the world’s largest domain registrar, with over 40 million domain names under its management. While GoDaddy appears in the Display Name and several times in the body of the email (including a logo), and there aren’t any obvious spelling errors or grammar mistakes, a savvy employee would notice that the sender’s email address <[REDACTED]> doesn’t match. Remember, though: Most employees don’t examine email addresses before responding or actioning a request. Again, the name of the game here is credential phishing. If the target follows the link to “prove they’re the account holder” they’ll be sent to a fake GoDaddy sign-in page. If they enter their login details, their credentials will be compromised. This is an especially dangerous attack because – if an employee’s login credentials for GoDaddy were compromised – the attacker could (quite literally) take over your website. They could steal your customers’ data or even use your website to host other phishing websites.

Phishing Example 5: The email appears to be sent from the company’s Microsoft File Sharing service
Let’s break down this phishing attack. Again, in this example, the attacker is leveraging a fake notification from Microsoft. This time, though, it’s from the Microsoft File Sharing service. Unsurprisingly, the attacker is after the target’s credentials. (This is called credential phishing, remember?) If the user clicks on the “Preview Online” button – a malicious link – they’ll be taken to a lookalike website. If the target does input their credentials, they won’t log in to Microsoft File Sharing. Instead, the details will be sent directly to the hacker, who will then have easy access to the user’s account. Notice that the notification is well-formatted and looks like a genuine email from Microsoft. There aren’t any obvious spelling or grammar errors. The average person would likely fall for this attack. The “[REDACTED], FIY” note was included on purpose. The attacker is trying to pique the target’s interest. Wouldn’t you want to know what the message said? The more curious and emotional we get, the more likely we are to click a link without thinking of security. Did you know? Microsoft is one of the most impersonated brands in phishing attacks. Find out who else makes the list.
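The signals called out across the five examples (a brand in the display name whose domain the sender is not on, a sender on the target’s own domain that the receiving mail server did not authenticate, and a shortened link that hides its destination) can be turned into simple inbound checks on the message headers and body. This is an added example, not Tessian Defender’s logic; the brand-to-domain table, the own domain example.com, the shortener list and the two sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Added example: inbound checks for the signals highlighted in the five phishing examples above.
# Not Tessian Defender's logic. Domain tables, shortener list and sample messages are constructed.

OWN_DOMAIN = "example.com"                                        # assumed recipient organisation
BRAND_DOMAINS = {"godaddy": ("godaddy.com",),                     # assumed brand -> legitimate domains
                 "microsoft": ("microsoft.com",)}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}                    # assumed URL shorteners
URL_HOST_RE = re.compile(r"""https?://([^/\s"'<>]+)""", re.I)


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip().lower()


def analyse(raw_message: str) -> list:
    """Return human-readable findings for one RFC 5322 message; an empty list means none."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(addr)
    findings = []
    # Example 4: brand named in the display name, but the address is not on that brand's domain.
    for brand, legit in BRAND_DOMAINS.items():
        on_brand = any(sender_domain == d or sender_domain.endswith("." + d) for d in legit)
        if brand in display.lower() and not on_brand:
            findings.append(f"display name mentions {brand} but sender domain is {sender_domain}")
    # Example 2: sender claims our own domain, yet the receiving MTA recorded no SPF/DKIM pass.
    auth = msg.get("Authentication-Results", "").lower()
    if sender_domain == OWN_DOMAIN and "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("sender uses our own domain but the message did not authenticate")
    # Example 3: shortened links hide the real destination.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    hosts = {h.lower() for h in URL_HOST_RE.findall(body)}
    for host in sorted(hosts & SHORTENERS):
        findings.append(f"shortened link via {host}")
    return findings


# Constructed sample messages (not real captures); .invalid is a reserved non-resolving TLD.
SPOOFED_TEAMS = """From: Microsoft Teams <alice@example.com>
To: alice@example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none
Subject: You have a new message

Reply in Teams: https://teams-signin.invalid/login
"""

NEW_STARTER = """From: Jo <jo@hr-outsourcing.invalid>
To: bob@example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=hr-outsourcing.invalid
Subject: Quick favour

Hi Bob! Could you preview this PDF in the next two hours? https://bit.ly/CONSTRUCTED
"""
```

Running `analyse` over each sample returns the list of findings a warning banner could be built from; a genuine notification that passes SPF from the brand’s own domain returns an empty list.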
Relationship 15: A Framework to Help Security Leaders Influence Change
By Maddie Rosenthal
Wednesday, March 3rd, 2021
The role of the CISO and other security professionals has changed. Instead of focusing purely on IT and infrastructure, security leaders are now responsible for communicating risk, enabling individuals and teams, and influencing change at all levels of the organization. But, that’s easier said than done…especially when research shows less than 50% of employees (including executives) can identify their CISO. The key? Building relationships with the right people. We have a framework that can help you not just build the right relationships, but also support your overall communication strategy. Introducing Relationship 15.

What is the Relationship 15 Framework?

The Relationship 15 Framework is a personal development tool that helps you map the core strategic relationships you need to forge and foster to be successful.
Download the Relationship 15 Framework template now.
How can this framework help security leaders?

As we’ve said, the role of the CISO has evolved. But, in many organizations, they still don’t have a seat at the table. The question is: who can help get you there? Who can help boost your credibility, bolster your influence, and support your key initiatives? To name a few…CEOs, GCs, CFOs, and the board. The list goes on. But credibility, influence, and support have to be earned, and you have to leverage people outside of your cybersecurity bubble.

Patricia Patton – the former Global Head of Professional Development at Barclays and Executive Coach at LinkedIn – has decades of experience helping business leaders and politicians forge better relationships. To her, it’s easy to see why CISOs and other leaders in the industry would leverage a framework like Relationship 15.

“This framework gives you the opportunity to be intentional about the relationships you want to build and be proactive in making connections versus repairing broken relationships. This helps build trust, which is essential for security leaders who absolutely must build trust with the rest of the business,” she said.

3 steps to map out your Relationship 15

1. Look inwards. Think about your role, your strengths and weaknesses, and the business’s objectives. Before you move on to step two, pause and embrace the notion that relationships really matter. The goal of this exercise isn’t to build perfect relationships overnight, but to help you align, influence, and succeed in partnership with others.

2. Identify 15 people who you need to cultivate relationships with to succeed. Remember, though, that “success” is multi-faceted. There are people who will help you succeed, people who will help your team succeed, and people who will help the business succeed. We recommend choosing five people for each of these three categories (hence the name Relationship 15!). Note: these people shouldn’t be limited to your department, your sphere of influence, or even your organization. And, don’t forget to include your peers and mentors.

3. Create a plan to build these relationships. Scheduling regular catch-ups and creating seamless feedback loops will both help, but you have to be intentional. These relationships aren’t purely transactional and it’s not all about you. Both parties need to show up, demonstrate their value, share their expertise, listen to understand, and respond empathetically.

Top tip: Consider your own communication style and take the time to understand everyone else’s. This free assessment is a good place to start.

Looking for more advice? We share 16 tips from security and compliance leaders about getting buy-in in this article: How to Prove the Value of Cybersecurity.

Who’s in your Relationship 15?

At Tessian Human Layer Security Summit on March 3, an incredible panel of women discussed Relationship 15 in depth. We asked who they’d include in their security taskforce to help influence change, reduce their organization’s risk, and drive business objectives. Here’s what they had to say.

Gaynor Rich, Global Director of Cybersecurity Strategy and Transformation at Unilever:
Data Privacy Officer(s)
Chief Compliance Officer(s)
Audit and Risk Manager(s)
The Board
Executives and key stakeholders within Unilever’s supply chain
Other men and women in similar roles

Annick O’Brien, Data Protection Officer and Cyber Risk Officer:
Chief Information Security Officer
Heads of Departments across the organization
HR Director(s)
Internal communications team(s)

Now, it’s your (and your team’s!) turn…

Who within and outside of your organization can you build a relationship with to ensure:
You succeed
Your team succeeds
The business succeeds

Carve out some time to fill out the Relationship 15 Framework template and start sketching out a roadmap to strengthen your connective tissue with each person. Think about the impact. If your team of 5 each identifies 15 people, you’ll have a network of 75 people to learn from and lean on. Have you found this useful? If so, share your Relationship 15 with us on LinkedIn and make sure to pass on the template to your peers.