Agari: Business Email Compromise (BEC) Attacks Reach 96 Percent of Organizations

BEC runs rampant as conventional email security fails to detect display name deception; Agari enhances its Enterprise Protect functionality to deliver advanced protection against BEC

SAN MATEO, Calif. – January 31, 2018 – Agari, a leading cybersecurity company, today published research revealing that 96 percent of organizations have received business email compromise (BEC) emails during the second half of 2017. The Agari “Business Email Compromise (BEC) Attack Trends Report” analyzes more than one billion emails considered safe by conventional email security solutions, including Secure Email Gateways (SEG), Advanced Threat Protection (ATP) and Targeted Attack Protection (TAP).

“Business email compromise is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise is a social engineering attack that leverages familiarity, authority and trust, which can result in billions of dollars of losses to businesses.”

According to the FBI, BEC attacks were responsible for more than $5.3 billion in exposed losses between 2013 and 2016. BEC attacks leverage social engineering, impersonating trusted individuals, such as bosses and third-party vendors, to request wire payments or sensitive data such as W-2 tax forms. Social networks and free cloud email services make it simple for cybercriminals to identify their targets, create an email account that impersonates a trusted entity (CEO, brand, partner) and then create a believable con with personalized details to make these attacks successful.

Key findings of the Agari “Business Email Compromise (BEC) Attack Trends Report” include:

  • Nearly every organization has received BEC attacks – Research reveals that 96 percent of organizations have been targeted by BEC attacks between June 2017 and December 2018. On average, organizations experienced 45 BEC attacks during this time.
  • BEC attacks manifest in a variety of forms – BEC attacks include display name deception, domain spoofing, and look-alike domains. However, BEC attacks function differently than phishing or spear-phishing attacks because there is no payload, such as a malicious attachment or a malicious URL.
  • Conventional security solutions are ineffective against BEC – As the last line of defense against advanced email-based attacks, Agari witnessed that 81 percent of BEC attackers used display name deception, 12 percent using domain spoofing and 7 percent used look-alike domains to impersonate a trusted party, without the SEG, ATP or TAP detecting it.

Conventional email security solutions, such as SEG, ATP and TAP attempt to detect attacks by monitoring for malicious payloads, attachments, URLs and other forms of known bad behavior. However, attackers can evade these protections by impersonating trusted individuals, partners or brands, while avoiding the use of malicious payloads.

“Business email compromise has become a pervasive threat that targets nearly every organization, often slipping past conventional email security solutions undetected,” said Greg Temm, chief information risk officer, FS-ISAC. “BEC opens organizations up to financial losses and could put customers’ investments at risk. Urgently deploying effective security controls and educating employees are some of the best ways to deal with this type of attack.”

Agari Enterprise Protect uses multiple patented machine learning models that integrate identity mapping, trust models and behavioral analytics linking the Internet’s infrastructure, organizational and individual data to detect and prevent identity deception. Built against massive, Internet-scale data sets, including insights from over 2 trillion emails every year across 3 billion global inboxes. Based on identity intelligence, Agari can accurately detect and prevent all three forms of identity deception used by BEC attacks including domain spoofing, look-alike domains and display name deception.

As BEC attacks remain unchecked by conventional email security, Agari continues to enhance

Enterprise Protect to ensure customers are protected. The latest enhancements include:

  • Agari Advanced Display Name Protection – A new machine learning model integrates organizational data from Office 365 and Azure Active Directory to automatically block display name deception.
  • Rapid DMARC – Automatically authenticates inbound email claiming to be from an organization’s internal domains to block spoofing attempts—regardless of whether the organization has published a DMARC policy.
  • Search & Destroy – Microsoft Office 365 and Google G Suite administrators can rapidly search and delete emails that have already been delivered to user inboxes for breach prevention or copy emails for forensic analysis.

Download the  Business Email Compromise (BEC) Attack Trends Report

Learn more about Agari Enterprise Protect:

About Agari
Agari, a leading cybersecurity company, is trusted by Fortune 1000 companies to protect their enterprises, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry’s only solution that ‘understands’ the true sender of emails, leveraging the company’s proprietary, global email telemetry network and patent-pending, predictive Agari Trust Analytics to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at and follow us on Twitter @AgariInc.

# # #