The lack of built-in authentication has opened businesses up to a growing number of phishing business email compromise (BEC) attacks. The price tag: $12.5 billion and counting. While attacker tactics are growing more sophisticated and ingenious with each new day, they all bare a few similar traits. Almost all email attacks leverage some form of identity deception such as domain spoofing, lookalike domains, or complex display name deception techniques combined with social engineering tactics to manipulate recipients into coughing up login credentials or making fraudulent wire payments by making them believe they’re reacting to a trusted source.
Just as with many attacks facing businesses, there are no malware-infected attachments to detect, nothing in the email’s code to raise a red flag. Instead, these filchers leverage identity deception and social engineering tactics to exploit the relationship targets have with the brands they know and trust.
In this report, we look at trends in email fraud and advanced email attacks against businesses (inbound) and those targeting their customers through domain spoofing and phishing (outbound). The statistics presented here reflect data captured within the Agari Identity Graph from July 1st, 2018 through October 31st, 2018, as well as publicly-available DNS information that can provide a broader context to these trends and what they may mean to businesses and their customers.
Agari is in a unique position to illuminate advanced email attack activity, as our products are deployed in enterprises across the globe as the last line of defense behind secure email gateways or other email security controls. Instead of focusing on email content and infrastructure reputation like most email security solutions, Agari solutions harness advanced machine learning techniques to focus on people, known relationships, and predictable human behavior to detect and stop email-based threats. Agari also has the broadest view into email authentication traffic, commanding the largest volume of domains undergoing DMARC authentication on behalf of customers and email senders.