Inside the Identity Graph: How Predictive AI Beats BEC Scams

Patrick Peterson | December 17, 2018 | Email Security

Our recent report on London Blue, the cybercrime network that has amassed a list of 50,000 finance executives targeted for upcoming business email compromise (BEC) scams, was alarming. But what makes it worse is that London Blue is not the only group of sophisticated cybercriminals out there.

Phishing and other email attacks have jumped 50% in the last three months. The FBI is warning accounting and finance departments about a BEC scheme involving gift card purchases that has already hit more than a thousand organizations. And the SEC’s recent report on nine publicly-traded companies that lost $100 million through email fraud has rattled plenty of nerves.

The Imperiled Inbox

Many organizations today think they are safe because they have a secure email gateway, sandbox, or other email security system in place. But the email threat landscape is undergoing a fundamental shift. A shadowy world once home to lone wolves and loose-knit crime rings is now populated by increasingly networked cybercriminal organizations with all the capabilities of a modern enterprise.

As our report on London Blue makes clear, members of these organizations carry out the specialized functions you’d see in any modern corporation today. Business intelligence teams research targets, email marketing groups disseminate attacks, financial operations teams exfiltrate stolen funds, and recruiters line up mules to launder the dirty money.

With tactics that make it difficult to spot these attacks as fakes, organizations like London Blue are becoming more successful—not less. In fact, more than 90% of businesses report falling victim to targeted email attacks, with 23% of those organizations suffering financial damage. More than $12.5 billion in losses are directly attributed to business email compromise attacks.

Immaculate Deceptions

Because these attacks contain no malicious links or attachments and appear believable in all aspects, traditional email security is no match. Legacy systems focus on inspecting message content and assessing the reputation of a message’s infrastructure of origin, but cybercriminals have changed their tactics to bypass these systems. In fact, cybercriminal groups are no longer trying to deceive systems—they are trying to deceive human beings.

Because they use sophisticated identity deception techniques and plain-text messages that appear to come from a known and trusted sender, their emails are indistinguishable from the real deal. Well researched and highly personalized, they use psychological tricks to throw recipients off-kilter, fooling them into making costly mistakes, no questions asked. And it’s painfully effective.

Just ask the French cinema chain recently conned out of $21.5 million with an email appearing to come from its parent company, requesting immediate wire transfers related to a “strictly confidential acquisition.” Or the large company in the SEC report that paid out $45 million in fake invoices from attackers posing as trusted suppliers.  

These businesses are hardly alone. It’s now estimated that targeted email attacks are the primary drivers behind 48% of all business losses from cybercrime. And Forrester Research predicts at least one major company will lose valuation of more than 25% due to a cyberattack in 2019.  

It’s time to turn back the tide.

The ‘Good’ Fight

It’s clear that relying solely on detecting the bad is hopeless. As cybercriminal organizations grow more sophisticated, it’s virtually impossible to use content inspections and blacklisting for protection. That’s why we’ve taken a fundamentally different approach at Agari. Using dynamic data, we model the good to protect you from the bad. We’ve validated this approach now in more than a hundred deployments. Here’s how it works.

Through the power of predictive AI and machine learning, the Agari Identity Graph™ interpolates over two trillion email messages annually to model relationships and behavioral patterns between individuals, brands, businesses, services, and domains using hundreds of characteristics that define trusted communications. Secure Email Cloud™ solutions then dynamically score each message for convergence or divergence from patterns established as legitimate and trusted and then enforce and report against policies established according to specific business needs.

In so doing, the Agari Identity Graph makes more than 300 million machine-learning model updates each day. Like any AI-based approach, it’s the underlying dataset and the expertise of the data scientists that determine efficacy. For Agari, each new customer adds to this global dataset, so the solutions get smarter and more effective every day. It’s an implementation of the network effect at Internet scale.

This dynamic approach to email security outsmarts fraudsters even as they change behavior: moving from domain to domain, jettisoning blocked accounts, reformulating email messages, switching out display name strategies, recompiling malware, and more. Why? Because a fraudster typically doesn’t have a trusted pattern of communications with those they are intent on attacking. And there is little need to develop one, as there are easier targets out there. When an organization becomes a hardened target, attackers tend to simply turn their attention to easier prey.
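The idea of modeling the good, reduced to a minimal sketch: learn each recipient's established senders from mail already accepted as legitimate, then score a new message by how far it diverges from that baseline. This is an added example, not Agari's code or algorithm; the function names, the three signals, their weights, and the sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample of mail already accepted as legitimate: (From header, recipient).
HISTORY = [
    ('"Dana Reyes" <dana.reyes@example-corp.test>', "ap@example-corp.test"),
    ('"Dana Reyes" <dana.reyes@example-corp.test>', "ap@example-corp.test"),
    ('"Vendor Billing" <billing@supplier.test>', "ap@example-corp.test"),
]

def build_baseline(history):
    """Per recipient: addresses seen, and which addresses each display name uses."""
    seen = defaultdict(set)                        # recipient -> {address}
    names = defaultdict(lambda: defaultdict(set))  # recipient -> name -> {address}
    for from_hdr, rcpt in history:
        name, addr = parseaddr(from_hdr)
        seen[rcpt].add(addr.lower())
        if name:
            names[rcpt][name.strip().lower()].add(addr.lower())
    return seen, names

def score_message(baseline, from_hdr, rcpt):
    """Return (divergence 0-100, reasons). Weights are illustrative assumptions."""
    seen, names = baseline
    name, addr = parseaddr(from_hdr)
    name, addr = name.strip().lower(), addr.lower()
    known = seen.get(rcpt, set())
    score, reasons = 0, []
    # Signal 1: this recipient has never received mail from this address.
    if addr not in known:
        score += 40
        reasons.append("new_sender")
    # Signal 2: no established sender of this recipient uses this domain.
    if addr.rpartition("@")[2] not in {a.rpartition("@")[2] for a in known}:
        score += 20
        reasons.append("new_domain")
    # Signal 3: display name of a known contact paired with a different address.
    usual = names.get(rcpt, {}).get(name, set())
    if usual and addr not in usual:
        score += 40
        reasons.append("display_name_mismatch")
    return score, reasons

BASELINE = build_baseline(HISTORY)
```

A message can change its domain, wording, or account and still score high here, because the signals measure the absence of an established relationship rather than known-bad content.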

Prediction: Success

With all its predictive capabilities, it’s easy to see why the Agari Identity Graph forms the foundation of Agari solutions, and its mission to protect digital communications so humanity can prevail over evil. But it has other benefits as well.

By using predictive AI to detect and disrupt attacks, Agari solutions inspect each email message in real time and in a way that no human or legacy security control can, to give organizations the confidence to open, click, and trust everything in their inboxes.

The increased productivity throughout the enterprise can be enormous when employees at every level can communicate, collaborate, and share sensitive information without fear of fraud or a zero-day event.

In the face of rising dangers from BEC scams, phishing, and other advanced email threats, what’s good for security is good for business too.   

To learn more about the Agari Identity Graph and how it applies the power of machine learning to model trusted communications, download an exclusive white paper here.
