
Email ATO Attacks Surge 126%: Here’s Why, and How to Stop It

John Wilson October 22, 2018 Account Takeover

Account takeover-based email scams are climbing fast as the barriers to entry crumble for cybercriminals. But is advanced, AI-driven email protection really the solution? 

Consider yourself warned: Account takeover (ATO)-based email attacks have surged 126% in just the last year, and now represent the single most successful attack vector against businesses.

According to a study from Agari and Osterman Research, a staggering 44% of all businesses have fallen victim to ATO-based scams, which are email attacks launched from hijacked accounts.

In most cases, fraudsters use these compromised email accounts to launch phishing campaigns. Other times, the goal is to fool corporate employees into forking over their own login credentials, which can then be sold online.

And sometimes, it’s something far more nefarious. In the most sophisticated cons, an intruder infiltrates a corporate email account and then lies low, surveilling email messages in order to launch highly personalized attacks on the business’s customers, partners or employees at just the right moment.

This sometimes entails taking over the email account of a high-level executive—the CEO, or CFO, for instance—in order to pull off business email compromise (BEC) schemes such as an urgent request to accounting for immediate payment on a fraudulent invoice.

The bad news: Most email security systems are completely defenseless against these attacks, which will contribute to more than $9 billion in business losses this year. And it’s getting worse.


Driven to Deception

So what’s behind the rapid rise in ATO attacks? Start with the fact that most organizations now have effective defenses against email messages containing malware or malicious links.

As a result, an increasing number of fraudsters are turning to identity deception-based attacks designed to trick recipients into sharing sensitive information, or making fraudulent wire transfers, by making them believe they’re responding to a trusted source.

ATO-based attacks are perhaps the ultimate form of email impersonation fraud, since legitimate-but-compromised accounts are used to send messages that easily slip past secure email gateways (SEGs) and other email security systems undetected.

What’s more, the barriers to entry are vanishing. Today, email login credentials belonging to high-value targets within finance, HR, IT or legal are readily available on the dark web for anywhere from $150 to $500.

Malicious—and Metastasizing

Another driver: The multiplier effect. Success breeds success, as they say. And today, each successful ATO-based attack that yields a victim’s email credentials results in at least three subsequent account takeovers.

Indeed, according to a recent industry study, 78% of ATO attacks are phishing scams aimed at harvesting more credentials. But ploys increasingly include W-2 schemes and payment diversions. ATO-based attacks targeting real estate industry transactions, for instance, will contribute to $1 billion in losses this year.

Why is ATO-based fraud so difficult to detect? Because unlike fraudsters leveraging lookalike domains or display name spoofing, the con artists behind these attacks are impersonating trusted sources through email messages sent from legitimate accounts with robust email histories—sometimes from the same domains as the people they will target next.

Is AI the Answer?

In response to the boom in ATO scams and other advanced email threats, a growing number of businesses are boosting security awareness and phishing training to help employees spot fraudulent emails.

While that’s helpful, the quality and volume of new scams mean this approach will only go so far. ATO attacks in particular will always be hard for humans to discern. Meanwhile, much is being made of a new generation of artificial intelligence (AI)-based solutions designed to detect anomalies within email communications that could signal fraud.

While these technologies show tremendous promise, it’s unclear how many organizations are deploying solutions with the advanced modeling and analytics capabilities needed to detect and disrupt the most pernicious email threats, including both inbound and internally targeted ATO scams.

Agari’s Enterprise Protect solution, for instance, integrates advanced machine learning technologies and global threat intelligence to recognize and infer the relationship between sender and receiver, spot telemetric and behavioral anomalies, and block ATO-based scams and other advanced email threats that easily bypass other email security systems.

By leveraging data from the 2 trillion emails we process each year, the Agari solution’s AI-driven analytics are continuously refined to neutralize both known and emerging threats in real time. And today, they’re used by category-leading companies around the world to beat fraudsters and block email attacks from ever reaching their targets.

Friendly Fire

Regardless of their strategy to fight back against ATO-based email schemes, businesses should put a move on it. As it stands now, the number of attacks launched from compromised email accounts is doubling month-over-month.

Which means we’ve all got a stake in stamping out a growing number of advanced email attacks—no matter who they appear to come from.

To learn more about ATO-based fraud and how machine learning-based solutions can stop it, download an exclusive report from Osterman Research titled “Protect Your Organization from Account Takeover-Based Email Attacks.”
