Email-Based Fraud and Identity Deception are Evolving Fast

Email remains the killer app for communication and collaboration in both business and everyday life. But it’s under attack like never before. A lack of built-in authentication has long given fraudsters the ability to send an email claiming to be someone else. But today, a new generation of cybercriminal organizations is the driving force behind rapidly-evolving, socially-engineered email threats that grow more dangerous by the day.

Evil in the Inbox

Over the past year, business email compromise (BEC) scams have jumped 60%. More than 90% of organizations report being hit by targeted email attacks, with 23% suffering financial damage that can average $1.6 million and up. 96% of successful data breaches now begin with an email, wreaking an average $7.9 million in costs per incident.

What is driving this uptick? Increasingly sophisticated cybercriminal organizations that pair identity deception techniques with personalized, socially-engineered emails designed to throw recipients off-kilter just long enough to fork over login credentials or make wire transfers before thinking to confirm the message’s legitimacy. Despite increased awareness of the problem, the price tag is estimated at $12.5 billion—and counting.

Hijacking Your Brand, Targeting Your Consumers

Businesses aren’t alone in the crosshairs. Every minute of the day, 22.9 new phishing attacks target consumers by impersonating trusted brands. Whether it’s through a fake “payment past due” or a “fraud alert” email, these and other Internet scams bamboozle consumers out of $1.4 billion through brand impersonation each year

Key Findings

• Account takeover-based threats account for 20% of the inbound attacks that target employees.
• While 70% of brand impersonation attacks spoofed Microsoft, another notable impersonation target was the IRS.
• Costs reported to Security Operations Centers (SOCs) exceeded $4.86M to triage, investigate, and remediate.
• The volume of raw DMARC domains surged to 6.1 million, but major businesses are still lagging in adoption rates.

Inside this Report

In this report, we look at trends in phishing and email fraud against business, as well as those targeting their customers through domain spoofing and other tactics. For the first time, we examine the impact of phishing incident response by tracking the burden and cost for a SOC team to respond to user-reported emails. The statistics presented here reflect information captured from the following sources over the fourth quarter—October through December—of 2018:

• Data extracted from the 300 million+ daily model updates by the Agari Identity Graph
• DMARC-carrying domains identified within the 330 million+ domains crawled
• Insights captured from a phishing incident response survey of over 300 cybersecurity professionals

The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research team dedicated to worldwide BEC and spear phishing investigation. ACID supports Agari’s mission of protecting communications so that humanity prevails over evil. The ACID team uncovers identity deception tactics, criminal group dynamics, and relevant trends in advanced email threats. Created by Agari in 2018, ACID helps to impact the cyber threat ecosystem and mitigate cybercrime activity by working with law enforcement and other trusted partners.