Email Security Blog

Business Email Compromise: 54% of Email Attacks Use Display Name Deception

Michael Paiko October 31, 2018 BEC, Business Email Compromise, Email Security
sending email

62% of Phishing, Business Email Compromise (BEC) and Other Email Attacks Now Involve Display Name Deception—Microsoft, Amazon impersonated in majority of identity deception attacks

(Part 1 of 3)

Display name deception techniques are now used in a majority of business email compromise (BEC) scams and other advanced email attacks targeting a growing number companies, according to the Q4 2018 Email Fraud and Identity Deception Trends Report from Agari.

Based on Agari data captured from July through October, the report finds 62% of all email attacks against businesses now involve cybercriminals committing impersonation fraud by inserting the name of a trusted individual or brand into the “from sender” field of fraudulent emails sent via Yahoo, Gmail, or other cloud-
based email platforms.

The objective: fool recipients into coughing up login credentials or making payments for fraudulent invoices by creating the illusion that they are reacting to a trusted sender.

Some of these attacks include malicious links. Others hide malware in attachments. But the most pernicious involve nothing more than plaintext messages that are masterfully targeted and personalized for maximum effectiveness. And it’s proving to be well worth the effort.

The Scam is in the Mail

Indeed, the Agari report comes amid heightened concerns over BEC fraud and other email-based threats, thanks in part to an October filing from the SEC regarding a recent investigation involving nine publicly- traded companies that were swindled out of $100 million through such scams.

One of these companies made 14 separate wire transfers for fake invoices over the course of several weeks—racking up $45 million in losses. Another paid out $30 million. But how is it possible that these and so many other businesses can be bamboozled out of millions of dollars on multiple occasions through fraudulent email messages? You might be surprised.

The fact is, email remains the most vital communications and collaboration tool in business, bar none. And despite the rise of secure messaging services such as Slack and HipChat, 63% of corporate employees turn to email to send sensitive information.

But for all of this, email has a monumental security flaw: the ability for anyone to send messages claiming to be someone else. And it’s this lack of built-in authentication that has opened businesses to phishing, BEC cons, and other advanced mail attacks—resulting in more than $12.5 billion in losses over the last
five years.

Fraud on Display

So how are they pulling it off? According to the Q4 report, 54% of all display name deception attacks now involve fraudsters sending emails purporting to come from a well-known business brand.

Not only is Microsoft impersonated in nearly 36% of all attacks (Amazon is second, at nearly 27%), but the brand is impersonated in more than 70% of attacks against high-value executive targets such as C-suite executives.

Typically, socially-engineered ploys include fraudulent service updates, security alerts, and password resets designed to build a sense of urgency.

Meanwhile, 8% of display name attacks entail spoofing the identities of specific individuals—typically a key executive at the targeted company or one of its suppliers. Here, late day messages—”Are you still at your desk?” for instance—are very common. The fact that 59% of email is consumed on mobile devices helps to boost the effectiveness of these attacks.

Why? For one thing, most mobile email clients use only the display name as a default—not the full address. Recipients pressured to act quickly while out of the office may be less likely to dig further before reacting to messages that appear pressing.

Another 35% of email attacks captured in the report leveraged lookalike domains, where criminals register domains that are very similar to the ones they are spoofing. And then there is the still small but alarming 3% of email attacks stemming from hijacked accounts belonging to the individual being impersonated.

These compromised account-based schemes are by far the most difficult to ferret out. What’s more, the growing market for stolen email credentials on the dark web means this form of attack is likely to become more prominent—and more destructive—in coming months.

Crisis Mode

The rising volume and severity of new email attacks is unrelenting. As it stands now, nearly 6.5 billion fraudulent emails are sent each day. More than 92% of companies report being hit by targeted email attacks in just the last 12 months.

Yet it remains unclear how many businesses have implemented modern, machine learning-based technologies with the behavioral analytics capabilities needed to recognize even the most sophisticated plaintext email scams through analysis of the relationships between senders and receivers.

But that’s not all. As we’ll discuss in Part Two and Three of this series, as hard as these attacks can be on businesses, another group has it worse: your customers.

As you’ll see, what you don’t know about how cybercriminals are impersonating your own brand to scam consumers and businesses—including your customers—can lead to painful revenue losses, regulatory fines, damage to your brand reputation, and more.

To learn more about phishing, business email compromise (BEC) scams, and other advanced email threats, download a FREE copy of the Q4 2018 Email Fraud and Identity Deception Trends Report from Agari.

Leave a Reply

Your email will not be published. All fields are required.

Night time satellite image of south eastern usa

October 13, 2020 Crane Hassold

The Global Reach of Business Email Compromise (BEC)

Over the last five years, Business Email Compromise (BEC) has evolved into the predominant cyber…

Agari Blog Image

August 5, 2020 Michael Paiko

Phishing & BEC Scams Soar 3000%: Agari H2 2020 Email Fraud and Identity Deception Trends Report

Coronavirus-related phishing attacks and business email compromise (BEC) scams skyrocketed 3,000% from mid-March through early…

Agari Blog Image

July 17, 2020 Patrick Peterson

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms…

Agari Blog Image

July 7, 2020 Crane Hassold

Cosmic Lynx: A Russian Threat Hits the BEC Scene

“At some point, Russian and Eastern European cybercriminals are going to start thinking to themselves,…

Agari Blog Image

June 30, 2020 Michael Paiko

Agari Summer '20 Release: CISOs Gain Unique Threat Intel to Their Organizations

With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been…

mobile image