Did you know that human emotion can be one of the biggest causes of a successful cyber-attack on a business? Whether we’re distracted and/or stressed, it’s these two human vulnerabilities, according to a recent survey by security company Tessian, that make employees and their companies more susceptible to malicious emails.

The report found that:

· 45% of employees said that they clicked on a phishing email because they were distracted.

· 1 in three (29%) said they clicked a phishing email because they weren’t paying attention.

· Over half (52%) of workers said they made mistakes when they’re stressed.

The data collected by Tessian came from the analysis of two million malicious emails that managed to bypass traditional email defences between July 2020 and July 2021. The findings also discovered that:

• To evade detection and trick employees, attackers used different impersonation techniques. The most common tactic was display name spoofing (19%), which is when the attacker changes the sender’s name and disguises themselves as someone the target recognises.
• 44% of the malicious emails included a URL link.
• The brands most likely to be impersonated in the malicious emails that were analysed included Microsoft, ADP, Amazon, Adobe Sign and Zoom.
• The retail industry was targeted most often.
• Most malicious emails were delivered between 2p.m. and 6p.m. in the apparent hope that a phishing email that is sent during the late afternoon will slip past a tired or distracted employee.

Worryingly, cybercriminals, are now adopting increasingly sophisticated tactics in which to infiltrate companies’ online systems and the results of the report have clearly demonstrated this fact.

Yet the critical thing is, in order to prevent falling for these attacks, we must arm ourselves with knowledge. Educate yourself, staff and managers to identify these threats, which often lead to ransomware or other cyber-attacks. You may see phishing emails as an annoyance, but for many organisations and businesses it may be the first step of an attack and result in a significant harm. It’s far better to focus on prevention and detection than trying to remedy the situation once you have fallen victim.

There are key elements of a phishing email to look out and for more information on how to deal with suspicious emails and text messages, visit the National Cyber Security Centre website which offers clear guidance and tips.

Also, when identifying an email as phishing, don’t press delete! Forward it on to report@phishing.gov.uk and by sharing information like this you are helping Law Enforcement and the National Cyber Security Centre (NCSC) to act and warn others.

Here at the Cyber Resilience Centre for Wales, we offer a range of services for businesses to help identify their digital vulnerabilities and weaknesses.

We also offer a range of membership packages that are designed to help organisations become more cyber resilient.