"Malicious Email Surge Predicted for Q4"

Corporate end-users should be on high alert for phishing attacks in the final quarter of the year as this is when most malicious emails are likely to land, according to new research from Tessian.  The email security vendor analyzed four billion messages sent between July 2020 and July 2021 to compile its Spear Phishing Threat Landscape 2021 report.  The researchers found that 45% more malicious emails were sent in October, November, and December 2020 than in the previous quarter.  November 2020 saw the most significant spike, with around 90,000 malicious emails detected in the week of the Black Friday sales.  Overall, employee inboxes received 14 malicious emails per year, rising dramatically to 49 on average in the retail sector, 31 in manufacturing, and 22 in the food and drink industry. Employees working in research and development received 16, and those with tech roles received 14.  The researchers found that malicious emails are typically delivered around 2 pm and 6 pm.  The most common tactics detected by the researchers were impersonation techniques like display name spoofing (19%), as well as domain impersonation (11%), and account takeover (2%).  The most spoofed brands over the year were Microsoft, ADP, Amazon, Adobe Sign, and Zoom.  The researchers stated that organizations don’t just need to keep an eye out for phishing and scam emails in the fourth quarter, but they should also train staff to be watchful at specific hours of the day.

Infosecurity reports: "Malicious Email Surge Predicted for Q4"