The retail industry appeared to be targeted the most between July 2020 and July 2021 with the average employee receiving 49 malicious emails a year. A change that Tessian notes is “significantly higher” than the overall average of 14 malicious emails detected per user, per year.
Manufacturing is the second industry to be hit with malicious emails. The average worker received 31 malicious emails per year.
The most common tactic attackers used were impersonation tactics. Display name spoofing, where the attacker changes the sender’s name to someone the recipient recognizes occurred about 19% of the time.
Domain impersonation was another tactic, whereby the attacker sets up an email address that looks like a legitimate one. This was used 11% of the threats detected by Tessian.
Brands that were most likely to be impersonated were Microsoft, ADP, Amazon, Adobe Sign and Zoom.
Of the malicious emails Tessian analyzed, 2% of them were account takeover attacks, where the malicious emails came from a trusted vendor or supplier’s legitimate email address. The approximate average value of financial losses from account takeovers of financial accounts is almost $12,000, according to Tessian.
About 22% of U.S. adults report having their accounts taken over. The account takeover market has grown by 250% from 2019 to 2020, according to Security.org.
Using the same password across multiple sites can lead to account takeover fraud. In order to prevent account takeover in the future, users should change their password, add two or multi-factor authentication, add security questions, install a VPN, password manager or even a identity theft protection program.
The account takeover market is increasing throughout the global pandemic. As we’ve seen in several cyber incidents, the motives behind them are for financial gain.