Agari: Fake Microsoft & Amazon Dominate Impersonated Brands in Email Attacks

Credit union employees should be on high alert for these types of cyber attacks.

Nearly two-thirds of all advanced email attacks impersonate Microsoft or Amazon, according to new research by Foster City, Calif.-based Agari in its latest quarterly “Email Fraud & Identity Deception Trends” report.

Agari, which uses predictive artificial intelligence to stop advanced email attacks, examined how these attacks target unsuspecting businesses and consumers, and identified display name deception as the most common attack vector.

According to the FBI, business email compromise has become a $12 billion scam. Advanced email attacks, such as BEC, leverage identity deception methods, including domain name spoofing, lookalike domains and display name spoofing, to take advantage of end-user trust.

Agari claimed the attacks it identified in its third quarter 2018 report evaded detection by other email security solutions. Legacy email security solutions, such as secure email gateways, are unable to detect advanced email attacks because the attacks do not include malicious URLs or malware attachments.

Microsoft was impersonated in 36% of all brand display name impersonation attacks in the third quarter. Amazon was the second most commonly impersonated company, used in 27% of these attacks. Agari noted Amazon and Microsoft operate the largest public cloud computing platforms, which are extensively used by organizations undertaking digital transformation projects.

The pattern was different for high-value targets, such as C-suite executives: Microsoft was impersonated in 71% of these attacks. Dropbox was a distant second at 7%, followed by United Parcel Service at 6%.

These attacks often appear as service updates, security alerts and password resets. The ubiquity of Microsoft Office in corporate environments and the swift embrace of cloud-based Office 365 make Microsoft an attractive impersonation target, while file-sharing services such as Dropbox are often imitated to dispense malware because users are more likely to trust their installation.

“While organizations are digitally transforming their operations with cloud messaging, advanced email attacks, such as phishing and business email compromise have become more effective than ever,” Armen Najarian, chief marketing officer, Agari, said. “The damage from these attacks has ballooned into billions of dollars annually—however the real cost is the erosion of trust in digital business.”

Agari’s new report revealed that 62% of advanced email attacks leverage display name deception: 54% impersonate trusted brands and 8% impersonate individuals. The danger is that an effectively compromised Office 365 or AWS account could serve to launch subsequent attacks that are even harder to detect. Three percent of identity deception-based incidents come from compromised email accounts commandeered through account takeover attacks.
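An added example, not from Agari's report or this article: a minimal check for the brand display name deception described above, flagging a From header whose display name names a brand while the address domain does not belong to that brand. The brand-to-domain allowlist and the sample headers are constructed assumptions.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed allowlist for illustration: domains each brand legitimately sends from.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "office.com"},
    "amazon": {"amazon.com"},
    "dropbox": {"dropbox.com"},
    "ups": {"ups.com"},
}

# Constructed sample From headers (not real traffic).
SAMPLE_HEADERS = [
    '"Microsoft Account Team" <security@account-verify.example>',
    '=?utf-8?q?Amazon_Support?= <help@orders-desk.example>',
    '"UPS Quantum View" <notify@ups-tracking.example>',
    '"Amazon.com" <order-update@amazon.com>',
    'Dropbox <no-reply@em.dropbox.com>',
    '"Study Groups" <list@groups.example>',
]

def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def impersonated_brand(from_header):
    """Return the brand named in the display name if the sender's domain
    does not belong to that brand; otherwise None."""
    display, address = parseaddr(from_header)
    # Decode RFC 2047 encoded-words so an encoded display name cannot hide the brand.
    display = str(make_header(decode_header(display))).lower()
    domain = address.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        # Match the brand as a word, so "ups" does not fire on "groups".
        named = re.search(r"(?<![a-z])" + re.escape(brand) + r"(?![a-z])", display)
        if named and not domain_allowed(domain, allowed):
            return brand
    return None

def flag_headers(headers):
    """Return (header, brand) pairs for headers that look like brand impersonation."""
    hits = [(h, impersonated_brand(h)) for h in headers]
    return [(h, b) for h, b in hits if b]

if __name__ == "__main__":
    for header, brand in flag_headers(SAMPLE_HEADERS):
        print(f"{brand}: {header}")
```

DMARC authenticates only the domain in the From address, so a message with a deceptive display name can still pass DMARC for the sender's own domain. A check like this one complements a reject policy rather than replacing it.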

Agari’s third quarter report includes an analysis of how more than 280 million registered public domains use Domain-based Message Authentication, Reporting and Conformance (DMARC), an open email authentication standard aimed at preventing the use of spoofed domains in phishing or spam.

In 2017, Agari research found only one-third of the Fortune 500 had adopted DMARC, with less than 10% enforcing a quarantine or reject policy. Agari’s new research revealed 51% adopted DMARC, although still only 13% enforce a quarantine or reject policy. Agari observed an upsurge in DMARC adoption from 3.5 million domains in July 2018 to 5.3 million domains in October 2018, representing a 51% increase.

This increased adoption during the third quarter coincided with the approaching (and now final) deadline of the Department of Homeland Security Binding Operational Directive 18-01, which mandates that all federal executive branch domains adopt DMARC and implement a reject policy. The federal government now leads all industry verticals with an 84% DMARC adoption rate. More than three-quarters of federal domains (76%) have implemented a reject policy.

“Trust is the lifeblood of all communication, whether it’s interpersonal, business, government, or otherwise,” Najarian said. “Email marketing remains the most popular and profitable channel, yet brands remain at risk of having their customers deceived by impostors—wreaking havoc on their brand equity and reputation.”