The New Realities of Email-Based Fraud & Identity Deception

For all the buzz generated by social media, mobile texting, and new messaging platforms, email remains the single most popular and important communications and collaboration tool in modern day life. But email has a gaping security flaw: the ability for anyone to send an email claiming to be someone else.

The Devil is in the Emails

The lack of built-in authentication has opened businesses up to a growing number of phishing business email compromise (BEC) attacks. The price tag: $12.5 billion and counting. While attacker tactics are growing more sophisticated and ingenious with each new day, they all bare a few similar traits. Almost all email attacks leverage some form of identity deception such as domain spoofing, lookalike domains, or complex display name deception techniques combined with social engineering tactics to manipulate recipients into coughing up login credentials or making fraudulent wire payments by making them believe they’re reacting to a trusted source.

Target: Your Customers; the Lure: Your Brand

Just as with many attacks facing businesses, there are no malware-infected attachments to detect, nothing in the email’s code to raise a red flag. Instead, these filchers leverage identity deception and social engineering tactics to exploit the relationship targets have with the brands they know and trust.

Key Findings

• Display Name Deception was the clear attacker technique of choice for BEC attacks
• 54% of attacks leveraged impersonated brands in the display name, with Microsoft and Amazon being the brands of choice
• The most comprehensive DMARC adoption snapshot revealed an unprecedented 51% increase in raw DMARC policies over a three month period, though not always with a benevolent intent
• With a 76% DMARC reject rate, the US Federal Government is the standout sector for DMARC adoption, followed by Finance and Technology

Inside this Report

In this report, we look at trends in email fraud and advanced email attacks against businesses (inbound) and those targeting their customers through domain spoofing and phishing (outbound). The statistics presented here reflect data captured within the Agari Identity Graph from July 1st, 2018 through October 31st, 2018, as well as publicly-available DNS information that can provide a broader context to these trends and what they may mean to businesses and their customers.

Agari is in a unique position to illuminate advanced email attack activity, as our products are deployed in enterprises across the globe as the last line of defense behind secure email gateways or other email security controls. Instead of focusing on email content and infrastructure reputation like most email security solutions, Agari solutions harness advanced machine learning techniques to focus on people, known relationships, and predictable human behavior to detect and stop email-based threats. Agari also has the broadest view into email authentication traffic, commanding the largest volume of domains undergoing DMARC authentication on behalf of customers and email senders.