FOSTER CITY, Calif. – November 1, 2018 – Nearly two-thirds of all advanced email attacks used emails impersonating Microsoft or Amazon, according to new research by Agari, the only cloud-native solution that uses predictive AI to stop advanced email attacks. Agari’s newly published quarterly report “Email Fraud & Identity Deception Trends: Insights from the Agari Identity Graph” identifies how advanced email attacks are targeting unsuspecting businesses and consumers—with display name deception as the most common attack vector.
Microsoft was impersonated in 36 percent of all (brand) display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27 percent of these attacks. Amazon and Microsoft run the largest public cloud computing platforms, which are widely used by companies undergoing digital transformation projects.
The pattern was different for high-value targets, such as C-suite executives—Microsoft was impersonated in 71 percent of these attacks. Dropbox is a distant second at seven percent, followed by United Parcel Service (UPS) at six percent.
These attacks often take the form of service updates, security alerts and password resets. The ubiquity of Microsoft Office in corporate environments and the rapid adoption of cloud-based Office 365 make Microsoft an attractive impersonation target, while file-sharing services such as Dropbox are frequently imitated to distribute malware because users are more likely to trust their installation.
“While organizations are digitally transforming their operations with cloud messaging, advanced email attacks, such as phishing and business email compromise, have become more effective than ever,” said Armen Najarian, CMO, Agari. “The damage from these attacks has ballooned into billions of dollars annually—however the real cost is the erosion of trust in digital business.”
According to the FBI, business email compromise (BEC) has become a $12 billion scam. Advanced email attacks, such as BEC, leverage identity deception techniques, including domain name spoofing, look-alike domains and display name deception to take advantage of end-user trust. Legacy email security solutions, such as secure email gateways (SEGs), are unable to detect advanced email attacks because those attacks do not include malicious URLs or malware attachments—the attacks Agari identified in its Q4 2018 report evaded detection by other email security solutions.
Agari’s new report reveals that 62 percent of advanced email attacks leverage display name deception: 54 percent impersonate trusted brands and eight percent impersonate individuals. On the other end of the spectrum—yet alarmingly—three percent of identity deception-based attacks are sent from compromised email accounts commandeered through account takeover (ATO) attacks.
The intersection of display name deception and ATO attacks is revealed by the fact that Microsoft and Amazon are the most impersonated brands in digital deception-based attacks. The risk is that a successfully compromised Office 365 or AWS account may be used to launch subsequent attacks that are even harder to detect.
Email Authentication Adoption on the Rise
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an open email authentication standard that prevents domain name spoofing from being used in phishing or spam. Agari’s Q4 2018 “Email Fraud & Identity Deception Trends” includes the broadest analysis of DMARC adoption ever conducted—more than 280 million registered public domains.
“Trust is the lifeblood of all communication, whether it’s interpersonal, business, government, or otherwise,” said Najarian. “Email marketing remains the most popular and profitable channel, yet brands remain at risk of having their customers deceived by impostors—wreaking havoc on their brand equity and reputation.”
In 2017, Agari research determined that only one-third of the Fortune 500 had adopted DMARC, with less than ten percent enforcing a quarantine or reject policy. Agari’s new research now reveals that more than half—51 percent—have adopted DMARC, although still only 13 percent are enforcing a quarantine or reject policy.
Additionally, in an examination of more than 280 million domains, Agari witnessed an increase in DMARC adoption from 3.5 million domains in July 2018 to 5.3 million domains in October 2018, representing a 51 percent increase in one quarter.
This increased adoption coincided with the approaching (and now final) deadline for the Department of Homeland Security Binding Operational Directive (BOD) 18-01, which mandates that all federal executive branch domains adopt DMARC and implement a reject policy. The United States federal government now leads all industry verticals with an 84 percent DMARC adoption rate—more than three-quarters of federal domains (76 percent) have implemented a reject policy.
To learn more, download Agari’s Q4 2018 “Email Fraud & Identity Deception Trends: Insights from the Agari Identity Graph”
About Email Fraud & Identity Deception Trends Report
The Agari “Email Fraud & Identity Deception Trends” report is a quarterly analysis of statistics and attack samples captured within the Agari Identity Graph. The Agari Identity Graph ingests more than two trillion emails per year, which it uses to train its machine learning models. Agari continually aggregates anonymized DMARC reporting data across its customer domains in multiple industry sectors, which it uses to compare and contrast with public sources using Agari DMARC lookup tools.
Agari is the leading predictive AI solution to protect the cloud inbox from advanced email and phishing attacks. Winner of Best Email Security Solution by SC Magazine in 2018, the Agari Email Trust Platform™ prevents ransomware, ATO, phishing, BEC and other identity deception attacks, restoring trust to digital channels for businesses, governments, and consumers worldwide. Learn more at www.agari.com.