
Business Email Compromise: 54% of Email Attacks Use Display Name Deception

Fareed Bukhari October 31, 2018 BEC, Business Email Compromise, Email Security

62% of Phishing, Business Email Compromise (BEC) and Other Email Attacks Now Involve Display Name Deception—Microsoft, Amazon impersonated in majority of identity deception attacks

(Part 1 of 3)

Display name deception techniques are now used in a majority of business email compromise (BEC) scams and other advanced email attacks targeting a growing number of companies, according to the Q4 2018 Email Fraud and Identity Deception Trends Report from Agari.

Based on Agari data captured from July through October, the report finds 62% of all email attacks against businesses now involve cybercriminals committing impersonation fraud by inserting the name of a trusted individual or brand into the “from sender” field of fraudulent emails sent via Yahoo, Gmail, or other cloud-based email platforms.

The objective: fool recipients into coughing up login credentials or making payments for fraudulent invoices by creating the illusion that they are reacting to a trusted sender.

Some of these attacks include malicious links. Others hide malware in attachments. But the most pernicious involve nothing more than plaintext messages that are masterfully targeted and personalized for maximum effectiveness. And it’s proving to be well worth the effort.

The Scam is in the Mail

Indeed, the Agari report comes amid heightened concerns over BEC fraud and other email-based threats, thanks in part to an October filing from the SEC regarding a recent investigation involving nine publicly traded companies that were swindled out of $100 million through such scams.

One of these companies made 14 separate wire transfers for fake invoices over the course of several weeks—racking up $45 million in losses. Another paid out $30 million. But how is it possible that these and so many other businesses can be bamboozled out of millions of dollars on multiple occasions through fraudulent email messages? You might be surprised.

The fact is, email remains the most vital communications and collaboration tool in business, bar none. And despite the rise of secure messaging services such as Slack and HipChat, 63% of corporate employees turn to email to send sensitive information.

But for all of this, email has a monumental security flaw: the ability for anyone to send messages claiming to be someone else. And it’s this lack of built-in authentication that has opened businesses to phishing, BEC cons, and other advanced mail attacks—resulting in more than $12.5 billion in losses over the last five years.

Fraud on Display

So how are they pulling it off? According to the Q4 report, 54% of all display name deception attacks now involve fraudsters sending emails purporting to come from a well-known business brand.

Not only is Microsoft impersonated in nearly 36% of all attacks (Amazon is second, at nearly 27%), but the brand is impersonated in more than 70% of attacks against high-value executive targets such as C-suite executives.

Typically, socially-engineered ploys include fraudulent service updates, security alerts, and password resets designed to build a sense of urgency.

Meanwhile, 8% of display name attacks entail spoofing the identities of specific individuals—typically a key executive at the targeted company or one of its suppliers. Here, late-day messages—“Are you still at your desk?” for instance—are very common. The fact that 59% of email is consumed on mobile devices helps to boost the effectiveness of these attacks.

Why? For one thing, most mobile email clients use only the display name as a default—not the full address. Recipients pressured to act quickly while out of the office may be less likely to dig further before reacting to messages that appear pressing.

Another 35% of email attacks captured in the report leveraged lookalike domains, where criminals register domains that are very similar to the ones they are spoofing. And then there is the still small but alarming 3% of email attacks stemming from hijacked accounts belonging to the individual being impersonated.
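The two header-level patterns described above, a trusted name in the display field on an unrelated address and a near-miss sender domain, can be checked with a few lines of Python. This is an added example, not code from Agari or the report; the protected names, domains, distance threshold, and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed policy: protected display names mapped to the domains that may use them.
PROTECTED = {
    "microsoft": {"microsoft.com"},
    "amazon": {"amazon.com"},
    "jane doe": {"example.com"},  # hypothetical executive at a hypothetical company
}
LEGIT_DOMAINS = set().union(*PROTECTED.values())


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_from(header):
    """Classify one From header as 'ok', 'lookalike-domain' or 'display-name-deception'."""
    name, addr = parseaddr(header)
    name = " ".join(name.lower().split())
    domain = addr.rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS):
        return "ok"  # assumes SPF/DKIM/DMARC already authenticated this domain
    if any(edit_distance(domain, d) <= 2 for d in LEGIT_DOMAINS):
        return "lookalike-domain"
    if any(p in name for p in PROTECTED):
        return "display-name-deception"
    return "ok"


# Constructed sample headers, one per case.
SAMPLES = [
    '"Microsoft Account Team" <sec-alert@gmail.com>',
    "Jane Doe <jdoe.ceo@yahoo.com>",
    "Amazon <orders@arnazon.com>",
    "Jane Doe <jane.doe@example.com>",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{classify_from(h):24} {h}")
```

A header-only check like this cannot see the hijacked-account case, because there both the display name and the address are genuine.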

These compromised account-based schemes are by far the most difficult to ferret out. What’s more, the growing market for stolen email credentials on the dark web means this form of attack is likely to become more prominent—and more destructive—in coming months.

Crisis Mode

The rising volume and severity of new email attacks is unrelenting. As it stands now, nearly 6.5 billion fraudulent emails are sent each day. More than 92% of companies report being hit by targeted email attacks in just the last 12 months.

Yet it remains unclear how many businesses have implemented modern, machine learning-based technologies with the behavioral analytics capabilities needed to recognize even the most sophisticated plaintext email scams through analysis of the relationships between senders and receivers.

But that’s not all. As we’ll discuss in Parts Two and Three of this series, as hard as these attacks can be on businesses, another group has it worse: your customers.

As you’ll see, what you don’t know about how cybercriminals are impersonating your own brand to scam consumers and businesses—including your customers—can lead to painful revenue losses, regulatory fines, damage to your brand reputation, and more.

To learn more about phishing, business email compromise (BEC) scams, and other advanced email threats, download a FREE copy of the Q4 2018 Email Fraud and Identity Deception Trends Report from Agari.
