FOSTER CITY, Calif. – Oct. 31, 2019 – Agari, the next-generation Secure Email Cloud that restores trust to the inbox, released today the findings of its Q4 Email Fraud and Identity Deception Trends report that reveals the next email fraud and scams coming around the corner that CISOs need to know.

The top finding shows that fraudsters deployed phishing campaigns using identity deception techniques that impersonate trusted brands or individuals, at record frequency. Identity deception-based attacks accounted for 62 percent of all advanced email attacks from July through September 2019. These percentages are up in the aggregate and the composition of these deceptions is in flux. Two identity deception attacks are favored among email fraudsters: Phishing campaigns impersonating brands, which dropped six percent quarter-over-quarter, and phishing campaigns impersonating individuals, which rose to 22 percent, compared to just 12 percent in the previous quarter.

“Malicious emails impersonating well-known brands are generally associated with credentials-harvesting schemes,” said Patrick R. Peterson, founder and CEO, Agari. “And those spoofing trusted individuals are typically linked to more sophisticated, social engineering-based business email compromise attacks.”

A two percent decline in attacks launched from hijacked email accounts occurred this quarter, perhaps due to cybercriminal organizations spending the early part of this year in full intelligence-gathering mode, gearing up for more lucrative, business email compromise (BEC) attacks to come.

The recent rise in email attacks spoofing trusted individuals augers a period of heightened risk from BEC and other highly-sophisticated email scams in the months ahead.

Other findings include:

  • Payroll diversions now account for 1 in 4 BEC cons, up 5% during the last three months
  • DMARC adoption soars 49% in past year, but 84% of Fortune 500 still remain at risk of brand abuse and phishing attacks of customers
  • Employee-reported phishing incidents jumped 6% over the past 90 days; at the same time, the false-positive rate increased, too, to 7%.

Devil to Pay: Diversion Scams Now 25% of All BEC Attacks

Find out more types of attacks that are coming around the corner. Download the full report.

About Agari
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph detects, defends, and deters costly advanced email attacks including business email compromise, spear phishing and account takeover. Winner of the 2018 Best Email Security Solution by SC Magazine, Agari restores trust to the inbox for government agencies, businesses, and consumers worldwide. Learn more at www.agari.com.

Media Contact
Jean Creech Avent
Senior Director, Global Corporate Communications
Agari
jcreech@agari.com
+1 843 986 8229