[May 22, 2018]

Agari Unmasks Global Criminal Email Rings in Unprecedented Cyber Probe

Agari, a leading cybersecurity company, today announced at the FS-ISAC 2018 Annual Summit a new research report, "Behind the 'From' Lines: Email Fraud on a Global Scale," which provides unprecedented insight into the operations and economics of organized criminal email groups. Among the key findings, nine of the 10 captured organized crime groups operate out of Nigeria, they all leverage a multitude of attack methods, and business email compromise (BEC) is far more lucrative than any other attack.

"While much of the high-profile attention paid to email security has focused on nation state actors, the reality is that American businesses are far more likely to be attacked by BEC scammers operating from Africa," said Patrick Peterson, founder and executive chairman, Agari. "The sad irony is that these foreign adversaries are using our own legitimate infrastructure against us in attacks that are far more damaging and much harder to detect than any intrusion or malware."

Business email compromise leverages a variety of identity deception techniques, such as display name deception, to bamboozle organizations into making fraudulent payments. Typically, an attacker will impersonate the CEO of a company and request immediate payment to a vendor from its accounting team. In May 2018, the FBI IC3 "2017 Internet Crime Report" indicated that BEC losses increased to $675 million during 2017, more than 300 percent compared to $215 million in 2014.

Agari researchers analyzed a variety of email based attacks, including romance scams and rental scams, but even though BEC did not emerge as a trend until 2016, BEC attacks account for 24 percent of all attacks analyzed. BEC attacks produce more victims and result in higher dollar losses than any other criminal email attack. BEC attacks are also ten times more likely to produce a victim if the target answers an initial probe email, such as "Are you at your desk to make a payment?"

Agari analyzed 59,652 unique messages accessed from 78 criminal email accounts to produce "Behind the 'From' Lines: Email Fraud on a Global Scale." Key findings from the report include:

• Nigerian Scammers Target (News - Alert) American Businesses - Nine out of the 10 criminal email groups appear to operate out of Nigeria. Agari has correlated many of these criminal email accounts with social media profiles and other personal registrations, producing a clear picture of their true identities.
• BEC Emerges as Most Popular, Most Effective Attack Vector - BEC attacks accounted for 24 percent of all attacks, with 0.37 victims per 100 probes, even though BEC attacks only have an initial response rate of 32 percent. BEC attacks are ten times more likely to produce a victim if the target answers an initial probe, with 3.97 victims per 100 answered probes. Romance scams accounted for 11 percent of all attacks, with 0.13 victims per 100 probes, even though it has a much higher initial response rate of 72 percent. Romance scams are also ten times more likely to produce a victim if the target answers an initial probe, with 1.54 victims per 100 answered probes.
• Romance Scams Break More Than the Bank - Agari lays bare the heartbreaking tale of a Florida woman who exchanged more than 1,500 emails with an email scammer, believing him to be a wealthy expatriate living in Dubai. Over the course of six years, this woman lost more than $500,000 and was forced to sell her home after refinancing it to help pay a variety of fraudulent requests.
• Man-in-the-Middle Account Takeover (ATO) Targets Real Estate - Agari has identified a sophisticated actor that has compromised email accounts belonging to real estate brokers by sending them malware-infected documents. This master conman leverages these compromised email accounts to conduct ATO-based escrow scams that can potentially bankrupt his targets. Agari has reason to believe this individual, who appears to be operating out of Kenya, may actually be in the United States.
• The Big Business of Email Compromise - Research reveals that criminal email accounts request payment ranging from $1,500 to more than $200,000, with an average request of $35,500. Additionally, Agari has categorized hundreds of bank accounts, social security numbers, passwords and PIN numbers that these organized crime groups have obtained through social engineering, business email compromise and account takeover.

"Business email compromise has become a pervasive threat -- it is the most popular, the most effective, and the most damaging of all of the attacks we research," said Peterson. "These organized crime groups will not stop these attacks, but whenever possible, Agari will be there to capture these criminal email accounts, to freeze their mule bank accounts and to pull back the mask of their true identity."

Download "Behind the 'From' Lines: Email Fraud on a Global Scale" at https://agari.com/unmasked

About Agari

Agari, a leading cybersecurity company, is trusted by leading Fortune 1000 companies to protect their enterprise, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry's only solution that 'understands' the true sender of emails, leveraging the company's proprietary, global email telemetry network and patent-pending, predictive Agari Identity Intelligence^TM to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner (News - Alert) Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at http://www.agari.com and follow us on Twitter (News - Alert) @AgariInc.

View source version on businesswire.com: https://www.businesswire.com/news/home/20180522005332/en/

[ Back To TMCnet.com's Homepage ]