Over the past year, business email compromise (BEC) scams have jumped 60%. More than 90% of organizations report being hit by targeted email attacks, with 23% suffering financial damage that can average $1.6 million and up. 96% of successful data breaches now begin with an email, wreaking an average $7.9 million in costs per incident.
What is driving this uptick? Increasingly sophisticated cybercriminal organizations that pair identity deception techniques with personalized, socially-engineered emails designed to throw recipients off-kilter just long enough to fork over login credentials or make wire transfers before thinking to confirm the message’s legitimacy. Despite increased awareness of the problem, the price tag is estimated at $12.5 billion—and counting.
Businesses aren’t alone in the crosshairs. Every minute of the day, 22.9 new phishing attacks target consumers by impersonating trusted brands. Whether it’s through a fake “payment past due” or a “fraud alert” email, these and other Internet scams bamboozle consumers out of $1.4 billion through brand impersonation each year
In this report, we look at trends in phishing and email fraud against business, as well as those targeting their customers through domain spoofing and other tactics. For the first time, we examine the impact of phishing incident response by tracking the burden and cost for a SOC team to respond to user-reported emails. The statistics presented here reflect information captured from the following sources over the fourth quarter—October through December—of 2018:
The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research team dedicated to worldwide BEC and spear phishing investigation. ACID supports Agari’s mission of protecting communications so that humanity prevails over evil. The ACID team uncovers identity deception tactics, criminal group dynamics, and relevant trends in advanced email threats. Created by Agari in 2018, ACID helps to impact the cyber threat ecosystem and mitigate cybercrime activity by working with law enforcement and other trusted partners.