Email Security Blog

Inside the Identity Graph: How Predictive AI Beats BEC Scams

Patrick Peterson December 17, 2018 Email Security

Our recent report on London Blue, the cybercrime network that has amassed a list of 50,000 finance executives targeted for upcoming business email compromise (BEC) scams, was alarming. But what makes it worse is that London Blue is not the only group of sophisticated cybercriminals out there.

Phishing and other email attacks have jumped 50% in the last three months. The FBI is warning accounting and finance departments about a BEC scheme involving gift card purchases that has already hit more than a thousand organizations. And the SEC’s recent report on nine publicly traded companies that lost $100 million through email fraud has rattled plenty of nerves.

The Imperiled Inbox

Many organizations today think they are safe because they have a secure email gateway, sandbox, or other email security system in place. But the email threat landscape is undergoing a fundamental shift. A shadowy world once home to lone wolves and loose-knit crime rings is now populated by increasingly networked cybercriminal organizations with all the capabilities of a modern enterprise.

As our report on London Blue makes clear, members of these organizations carry out the specialized functions you’d see in any modern corporation today. Business intelligence teams research targets, email marketing groups disseminate attacks, financial operations teams exfiltrate stolen funds, and recruiters line up mules to launder the dirty money.

With tactics that make it difficult to spot these attacks as fakes, organizations like London Blue are becoming more successful—not less. In fact, more than 90% of businesses report falling victim to targeted email attacks, with 23% of those organizations suffering financial damage. More than $12.5 billion in losses are directly attributed to business email compromise attacks.

Immaculate Deceptions

Because these attacks contain no malicious links or attachments and appear believable in all aspects, traditional email security is no match. Legacy systems focus on inspecting message content and assessing the reputation of a message’s infrastructure of origin, but cybercriminals have changed their tactics to bypass these systems. In fact, cybercriminal groups are no longer trying to deceive systems—they are trying to deceive human beings.

Using sophisticated identity deception techniques and plain-text messages that appear to come from a known and trusted sender, their emails are indistinguishable from the real deal. Well-researched and highly personalized, they use psychological tricks to throw recipients off-kilter, fooling them into making costly mistakes, no questions asked. And it’s painfully effective.

Just ask the French cinema chain recently conned out of $21.5 million with an email appearing to come from its parent company, requesting immediate wire transfers related to a “strictly confidential acquisition.” Or the large company in the SEC report that paid out $45 million in fake invoices from attackers posing as trusted suppliers.  

These businesses are hardly alone. It’s now estimated that targeted email attacks are the primary drivers behind 48% of all business losses from cybercrime. And Forrester Research predicts at least one major company will lose valuation of more than 25% due to a cyberattack in 2019.  

It’s time to turn back the tide.

The ‘Good’ Fight

It’s clear that relying solely on detecting the bad is hopeless. As cybercriminal organizations grow more sophisticated, it’s virtually impossible to use content inspections and blacklisting for protection. That’s why we’ve taken a fundamentally different approach at Agari. Using dynamic data, we model the good to protect you from the bad. We’ve validated this approach now in more than a hundred deployments. Here’s how it works.

Through the power of predictive AI and machine learning, the Agari Identity Graph™ interpolates over two trillion email messages annually to model relationships and behavioral patterns between individuals, brands, businesses, services, and domains using hundreds of characteristics that define trusted communications. Agari Secure Email Cloud™ solutions then dynamically score each message for convergence or divergence from patterns established as legitimate and trusted and then enforce and report against policies established according to specific business needs.

In so doing, the Agari Identity Graph makes more than 300 million machine-learning model updates each day. Like any AI-based approach, it’s the underlying dataset and expertise of the data scientists that determines efficacy. For Agari, each new customer adds to this global dataset, so the solutions get smarter and more effective every day. It’s an implementation of the network effect at Internet scale.

This dynamic approach to email security outsmarts fraudsters even as they change behavior, moving from domain to domain, jettisoning blocked accounts, reformulating email messages, switching out display name strategies, recompiling malware, and more. Why? Because a fraudster typically doesn’t have a trusted pattern of communications with those they are intent on attacking. And there is little need to develop one, as there are easier targets out there. When an organization becomes a hardened target, attackers tend to simply turn their attention to easier prey.

Prediction: Success

With all its predictive capabilities, it’s easy to see why the Agari Identity Graph forms the foundation of Agari solutions, and its mission to protect digital communications so humanity can prevail over evil. But it has other benefits as well.

By using predictive AI to detect and disrupt attacks, Agari solutions inspect each email message in real time and in a way that no human or legacy security control can, to give organizations the confidence to open, click, and trust everything in their inboxes.

The increased productivity throughout the enterprise can be enormous when employees at every level can communicate, collaborate, and share sensitive information without fear of fraud or a zero-day event.

In the face of rising dangers from BEC scams, phishing, and other advanced email threats, what’s good for security is good for business too.   

To learn more about the Agari Identity Graph and how it applies the power of machine learning to model trusted communications, download an exclusive white paper here.
