Each quarter, Agari publishes insights into new threats for both inbound and outbound email. From October to December, we found:

  • Account takeover-based threats account for 20% of the inbound attacks that target employees.
  • While 70% of brand impersonation attacks spoofed Microsoft, another notable impersonation target was the IRS.
  • Costs reported to the Security Operations Center (SOCs) to triage, investigate, and remediate threats exceeded $4.86M.
  • The volume of raw DMARC domains surged to 6.1 million, but major businesses are still lagging in adoption rates.

Download your copy of the Q1 2019 report now to learn which brands and identities were targeted most.

About This Report

This report contains metrics from data collected and analyzed by the following sources:

Employee Phishing and BEC Data

For inbound threat protection, Agari uses machine learning—combined with knowledge of an organization’s email environment— to model good or authentic traffic. Each message received by Agari is scored and plotted in terms of email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships. For the attack categorization analysis, we leveraged anonymous aggregate scoring data that automatically breaks out identity deception-based attacks that bypass upstream SEGs into distinct threat categories, such as Display Name Deception, Compromised Account, and more.

Phishing Incident Response Trends

This report presents results from a custom survey conducted by Agari during Q4 2018. The following charts summarize the demographics and location of the respondents.


Global DMARC Domain Analysis

For broader insight into DMARC policies beyond what we observed in email traffic targeting Agari’s customer base, we obtained and analyzed hundreds of millions of domains over the course of Q4 2018. This overall set represents virtually all the publicly accessible domains in DNS over the course of Q4. At the end of the quarter, we crawled 323,245,038 domains, ultimately observing 6,126,323 with recognizable DMARC policies attached.

Quarter over quarter, our base domain list increased by over 40 million, mostly in newly detected country code top-level domains (CCTLD). This constantly growing list of domains serves as the basis for trend tracking in subsequent reports.

About the Agari Cyber Intelligence Division

The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research team dedicated to worldwide BEC and spear-phishing investigation. ACID supports Agari’s unique mission of protecting communications so that humanity prevails over evil. ACID uncovers identity deception tactics, criminal group dynamics, and relevant trends in advanced email attacks. Created by Agari in 2018, ACID helps to impact the cyber threat ecosystem and mitigate cybercrime activity by working with law enforcement and other trusted partners.

Learn more at acid.agari.com.

About Agari

Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud™ powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends, and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses, and consumers worldwide.

Learn more at www.agari.com.

Close button
Mail Letter

Would you like the confidence to trust your inbox?