The Email Fraud and Identity Deception Trends report is released quarterly based on analysis of approximately 500b emails globally. Trends that dominated from July-September 2019 include:

  • Brand Impersonation attacks drop slightly while attacks impersonating individuals jump to 22% from 12%
  • Employee-reported phishing attacks increase response times by 14%
  • DMARC adoption rates soar 49% over the last year, but 87% of the Fortune 500 remains at risk


Executive Summary

Phishing and other email-based attacks may rank among the oldest tricks in the fraudster playbook, but they remain a distressingly effective way for cybercriminals to bilk businesses, their employees, customers, and the public at large out of billions. But they’re also far from static. Data captured in the latest quarterly analysis from the Agari Cyber Intelligence Division (ACID) substantiates how business email compromise (BEC), consumer-targeted brand impersonation scams, and other advanced email threats continue to mutate, switching up tactics to throw targets off-guard, even while retrofitting the tried-and-true in inventive new ways to boost their profits.

Attacks Impersonating Individuals Jump to 22%

Phishing campaigns employing identity deception techniques impersonating trusted brands or individuals accounted for 64% of all advanced email attacks from July through September 2019. However, while these numbers are up in the aggregate, the composition of these deceptions is in flux. During the third quarter of 2019, the number of phishing campaigns impersonating brands dropped slightly. At the same time, email attacks impersonating individuals hit 22%, compared to just 12% in the previous quarter. While malicious emails impersonating well-known brands are generally associated with credentials-harvesting schemes, those spoofing trusted individuals are typically linked to more sophisticated, social engineering-based BEC attacks.

Employee-Reported Phishing Attacks Increase Response Times by 14%

Employee-reported phishing incidents rose 6% during the second quarter, to more than 35,108 annually, while the number of false positives among those reports rose 7%. According to the Q4 ACID Phishing Incident Response Survey of professionals at 460 organizations with 1,000+ employees, the time needed to triage, investigate, and remediate each incident, including a larger number of false positives, rose by more than an hour per incident, a 14% increase—in the last three months. And while the average number of SOC analysts increased to 16.9 per organization, increasing employee-related phishing incidents pushed the gap between the number of analysts needed to handle these volumes up 23%.

DMARC Adoption Soars 49% in Past Year, but 87% of Fortune 500 Remain at Risk

ACID analyzed 8,244,356 domains with valid Domain Message Authentication, Reporting, and Conformance (DMARC) records as part of the largest ongoing study of DMARC adoption worldwide. The US and Germany remain leaders in the total number of domains with assigned DMARC records, with the US still #1 in the total percentage of domains with reject policies. Overall, adoption of the DMARC email authentication protocol is up 49% worldwide year-over-year. But most of the world’s most prominent corporations are still at risk from email-based brand impersonation scams targeting their customers, partners, and others.

Inside This Report

The statistics presented here reflect information captured from the following sources from July through September.

ACID is the only counterintelligence research team dedicated to worldwide BEC and spear phishing investigations and the identity deception tactics, criminal group dynamics, and relevant trends behind these and other advanced email threats. Created by Agari in 2018, ACID helps to mitigate cybercriminal activity by working with law enforcement and other trusted partners.

Close button
Mail Letter

Would you like the confidence to trust your inbox?