The Email Fraud and Identity Deception Trends report is released quarterly based on analysis of approximately 500b emails globally. Trends that dominated from April—June 2019 include:

  • Gift cards are requested in 65% of all BEC scams
  • Employee-reported phishing attacks jump 14% in 90 days
  • DMARC adoption rates across the globe remain slow, but BIMI grows by nearly 400%
  • Elizabeth Warren remains the sole presidential contender following email security best practices



Executive Summary

Data captured in the latest quarterly analysis from the Agari Cyber Intelligence Division (ACID) demonstrates that the continuing evolution of business email compromise, spear phishing, consumer-targeted brand impersonation scams, and other advanced email threats is far from linear. Instead, it’s taking on new permutations and trajectories, even reversing successful trendlines, at least temporarily, to throw off targets and maximize returns. What emerges is the picture of email-based threats that grow more dangerous, and more unpredictable, by the day.


Election 2020: Top Presidental Contenders Remain Wide Open to Email Attack

With the 2020 presidential primary season rapidly taking shape, analysis from the Agari research team finds 85% of the top candidates spanning both parties continue to rely on vulnerable email accounts that put their staff at risk from the same kind of phishing attacks that helped derail Hilary Clinton’s 2016 presidential bid. As this cycle gains speed, campaigns and their ever-changing ecosystems of advisors, pollsters, and policy analysts will only make easier targets for email attacks launched by nation-states and other operatives.

But others may be burned just as bad or worse—causing potentially irreparable harm to candidacies and even to our democracy. As of June 30, ACID analysis of domain data finds that of the leading candidates polling over 1%, only four of the candidates have DMARC records established for their domains with the policy that prevents the campaign or the candidate from being impersonated in email scams targeting donors, voters, reporters, and others. If the phishing and misinformation campaigns conducted by the world’s top threat actors during the last election cycle wasn’t enough to prompt presidential candidates to take action, 2016 may prove to be just a warm-up act for the transgressions headed our way in 2020.

Gift Cards Now the #1 BEC Cash-Out Mechanism for Fraudsters

While wire transfers have long been the primary objective in BEC scams, gift cards have become the top cash-out tactic for fraudsters. During the second quarter of 2019, 65% of all BEC attacks observed by the ACID team prompted victims to purchase and send gift cards to the attacker. And 75% of the gift cards requested by BEC hustlers belong to only five brands: Google Play, Steam Wallet, Amazon, Apple iTunes and Walmart. This approach has key benefits to con artists, as gift cards represent a ready tool for laundering the proceeds of
their crimes with little to no traceability. There is a downside, however, as the money attackers can net with each gift card is significantly less than what’s possible through wire transfers. Nonetheless, the growing prevalence of gift cards in BEC attacks indicates the ROI must outweigh the negatives.

Employee-Reported Phishing Attacks Jump 14% as Breach Risks Mount

Employee-reported phishing incidents rose 14% during the second quarter to more than 33,108 annually, according to the Q3 ACID Phishing Incident Response Survey of 175 professionals at 280 organizations with 1,000+ employees. During the same period, respondents to this quarter’s survey reported a 16% increase in the number of false positives, while the time needed to triage, investigate, and remediate
rose 13% per incident. And while the average number of SOC analysts increased to 15.3 per organization, the gap between the number of analysts needed to handle these volumes grew by 22%.

DMARC Adoption Rates Tick Up 2%, Though 83% of Fortune 500 Still at Risk

For this report, ACID identified 7,044,371 domains with valid Domain-based Message Authentication, Reporting and Conformance (DMARC) records as part of the largest ongoing study of DMARC adoption worldwide. The United States and Germany remain leaders in the total number of domains with assigned DMARC records, but the US is still #1 in the total number of domains with records with reject policies. Overall, domains with DMARC records rose just 2% in the second quarter, leaving most of the world’s most prominent corporations at risk from email-based brand impersonation scams targeting their customers, partners, and other consumers and businesses. That includes a staggering 83% of the Fortune 500.

Inside this Report

In this quarterly report, we examine trends in phishing and email fraud perpetrated against businesses and their customers.

Continuing a feature first introduced in our Q2 2019 report, this edition assesses current adoption rates for both email authentication and advanced email security among top candidates seeking their parties’ nominations heading into next year’s 2020 US presidential elections. This includes analysis of which campaigns may be most vulnerable to email-based impersonation fraud that can damage their candidates’ reputations, fundraising efforts, press coverage, and even national security.

The statistics presented here reflect information captured from the following sources from April through June 2019:

  • Analysis of 2020 presidential campaign email vulnerability based on DNS and MX records
  • Data extracted from trillions of emails analyzed by the Agari Identity Graph™
  • Insights from our quarterly phishing incident survey of SOC professionals at 280 companies
  • DMARC-carrying domains identified among 328 million+ domains crawled worldwide

The Agari Cyber Intelligence Division (ACID) is the only counterintelligence research team dedicated to worldwide BEC and spear phishing investigations, identity deception tactics, criminal group dynamics, and relevant trends behind these and other advanced email threats. Created by Agari in 2018, ACID helps to mitigate cybercriminal activity by working with law enforcement and other trusted partners.


Close button
Mail Letter

Would you like the confidence to trust your inbox?