Get ahead of the attacks costing organizations around the globe billions in fraud losses. The H2 2020 Email Fraud and Identity Deception Trends report highlights current attack trends and provides insights including:

  • 66% of malicious emails employed identity deception tactics that impersonated well-known brands including the World Health Organization (WHO) and Centers for Disease Control (CDC).
  • SOC teams are rapidly becoming overwhelmed by a 67% false positive rate for employee-reported phishing incidents.
  • On average 90 undetected attacks make it to employee inboxes for every verified malicious email reported by an employee.

This new report by the Agari Cyber Intelligence Division is available now for immediate download.

Executive Summary

Needless to say, 2020 will rewrite the record books. With successful phishing and business email compromise (BEC) scams growing less reliant on technical
acumen than on savvy social engineering, email threat actors rang in the year with every reason to expect outlandish profits ahead. Then came COVID-19. In
the blink of an eye, the email attack surface ballooned to include tens of millions of corporate employees working from home. As substantiated in this mid-year
analysis from the Agari Cyber Intelligence Division (ACID), the pandemic became the go-to pretext for attackers bent on exploiting a period of unprecedented
angst. And it shows: By mid-May, the FBI reported the total volume of phishing and BEC emails exceeded all of 2019. Which means last year’s staggering $8.6
billion in potential business losses from advanced email threats may pale in comparison to 2020’s final tally.

BEC Themes Evolve, But the Song Remains the Same

COVID-themed attack volume remained relatively steady from mid-March through early June, before trailing off. Yet while the COVID drumbeat has died down,
the same BEC riffs play on. With 70% of BEC attacks launched from free webmail accounts, a dramatic increase from 54% during Q4 2019, attackers are putting
a premium on speed and flexibility with these temporary, disposable assets. Meanwhile, gift cards continue to be the preferred form of payment in BEC ploys,
resulting in the number of payroll diversion attacks decreased to 13% of the total, compared to 25% at the end of last year.

Shell-Shocked Employees Increasingly Report False Positives to SOC Team

Anxious employees armed with tools to report suspect emails walloped Security Operations Centers (SOCs) with more incidents to analyze, triage, and remediate
than they could possibly manage. As captured in our H2 2020 ACID Phishing Response Survey of 13 large organizations in a mix of industries, this chronic
challenge was further aggravated by a 67% false positive rate. Organizations deploying advanced phishing response workflows to identify the full scope of
phishing attacks, however, detected and remediated 90X more verified malicious emails connected or similar to those submitted by employees—a 100% increase
from our last report.

DMARC Adoption’s Slow Grind Continues; 80% of Fortune 500 Remain Vulnerable

The first half of 2020 saw an additional 25 companies within the Fortune 500 companies adopt Domain-based Message Authentication, Reporting, and
Conformance (DMARC)—bringing the total to 20% of all organizations within the index. Yet while salutary, that means 80% of the nation’s largest companies
remain susceptible to cybercriminals seeking to hijack their domains for use in phishing-based brand impersonation attacks that put their customers at risk of
significant financial damage. More encouraging: the 3,800% increase in brands adopting Brand Indicators for Message Identification (BIMI) within just the last six

Inside This Report

The intelligence presented in this report reflect data captured via the following sources from January 1 through June 30, 2020:

  • Active defense engagements with cyber threat actors to gather intel about emerging BEC tactics and targets
  • Data extracted from trillions of emails analyzed and applied by Agari Identity Graph™
  • DMARC-carrying domains identified among 477 million+ domains crawled worldwide
  • Incident data from SOC professionals at 13 large companies spanning multiple industries

ACID is the only counterintelligence research team dedicated to worldwide BEC and spear-phishing investigations and the identity deception tactics, criminal group dynamics, and other relevant trends behind today’s most advanced email threats. Created by Agari in 2018, ACID helps to mitigate cybercriminal activity by working with law enforcement and other trusted partners.

Close button
Mail Letter

Would you like the confidence to trust your inbox?