Agari Reports that Phishing and Spoofing Attacks on Global Enterprises Intensified

CISO organizations face unrelenting fraudsters: maximum wire transfer ploy equaled US$1.6M at end of Q2 2020, up nearly 134% from Q4 2019 FOSTER CITY, Calif. and LONDON, Aug. 5, 2020 /PRNewswire/ -- Agari, the market share leader in phishing defense solutions for the enterprise, announced today insights from its latest H2 2020 Email Fraud and Identity [...]

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

CISO organizations face unrelenting fraudsters: maximum wire transfer ploy equaled US$1.6M at end of Q2 2020, up nearly 134% from Q4 2019

FOSTER CITY, Calif. and LONDON, Aug. 5, 2020 /PRNewswire/ — Agari, the market share leader in phishing defense solutions for the enterprise, announced today insights from its latest H2 2020 Email Fraud and Identity Deception Trends report.  Highlights from the H2 2020 report reveal:

CISO organizations

CISO organizations face unrelenting fraudsters: maximum wire transfer ploy equaled US$1.6M at end of Q2 2020

  • A 90x increase in malicious emails are detected by a Security Operations Center (SOC) that uses automated phishing response tools, driving cost- and time-saving efficiencies.
  • 9 in 10 of ASX 100 companies leave the front-door open for scammers to send emails from their brand, oftentimes asking customers for money.
  • 80% of FTSE 100 companies are vulnerable to outbound brand impersonation attacks by email scammers.
  • 70% of business email compromise (BEC) attacks are sent from free webmail accounts, up from 54% in December, 2019; attackers put a premium on speed and flexibility with the use of these temporary, disposable accounts.

“CISOs continue to share with us that today’s operating environment is the most dangerous and dynamic to date — and not just because of the effects of COVID-19,” said Armen L. Najarian, Chief Identity Officer, Agari. “Newer email-based attacks evade traditional controls and employees are still falling victim to these attacks despite the heightened attention on phishing.”

Findings of the H2 trends report shows that anxious employees armed with tools to report suspect emails pummeled Security Operations Centers (SOCs) with more incidents to analyze, triage, and remediate than SOC analysts could manage. This chronic challenge was further aggravated by a 67 percent false-positive rate, meaning analysts are spending more time on triaging good emails and less time remediating the truly malicious emails that could bring a company to its knees.

While email fraudsters are upping their game, enterprises globally seem to be operating in the status quo. Most large enterprises have a blind spot and don’t know who is really sending emails on their behalf. As a case in point, only 20 percent of Fortune 500 companies have DMARC email authentication in place, which is a basic security control that prevents scammers from disguising themselves as a company and sending emails to that company’s customers. The operational and reputational risk is real. For example, prior to implementing DMARC, scammers spoofed a Fortune 100 company brand and sent emails to 40,000 of its customers asking for money.

COVID-themed BEC attack volume trailed off at the end of June, after reaching a crescendo in early June  And cash-out methods shifted during this timeframe, too. Even though gift cards continue to be the preferred form of payment in BEC attacks, the average amount requested decreased to US$1,348. While wire transfer amounts reached their highest with the maximum hitting nearly US$1.6M. On the good news front, a decrease in the number of payroll diversion attacks occurred dropping to 13 percent compared to 25 percent in Q4 2019.

“The average amount BEC phishing scammers request is US$66K, and this potential fraud loss can no longer be considered a cost of doing business,” said Najarian. “Information security organizations are engaged in a high-stakes game of cat and mouse with fraudsters. What’s true and proven, though, is that when CISOs take a risk-based approach to email security, leveraging science and automation, they can keep pace with the bad guys, preventing phishing attacks and the costly downstream effects of data loss and customer distrust.”

Download the report for more insights.

Content retrieved from: https://www.prnewswire.com/news-releases/phishing-and-spoofing-attacks-on-global-enterprises-intensify-reports-agari-301106191.html.

Subscribe To Our Newsletter

Get Notified About Our Latest Posts - Updates every Monday

No Spam, Your Email will NOT be Shared

More To Explore

Mergers and Acquisitions

TowerData & FreshAddress Merged

TowerData, now celebrating 20 years in the industry has merged with FreshAddress. The merger is supported by a strategic investment from TZP Group a private

Press Releases

J2 Global is now Ziff Davis

J2 Global Inc. recently announced it intends to change its corporate name to Ziff Davis, Inc., upon completion of the planned spin-off of its Consensus

Do You Want To Collaborate?

drop us a line and we will be in touch