Email Security Blog

Businesses Grow More Vulnerable to Email Attacks, Even with Improved Defenses

Patrick Peterson July 18, 2019 Email Security

Cybercriminals increasingly use new forms of identity deception to launch an email attack to target your weakest link: humans.

Call it a case of locking the back window while leaving the front door wide open. Throughout the last year, a number of reports have surfaced about sophisticated cyberattacks that are proving all too successful at circumventing the elaborate defenses erected against them.

Firewall? Check. Application security? Check. Endpoints? Those are covered, too. Yet despite the millions organizations spend each year on perimeter security, the bad guys are still winning. In 2018, cybercrime losses exceeded $2.71 billion in the United States alone.

But how can this be possible? How can businesses grow more vulnerable even as their defenses harden? As it turns out, 97% of organizations are failing to effectively leverage modern technology to protect against the number one target cybercriminals use to implement their schemes—human beings.

Indeed, whether it’s the Marriott breach that exposed the personal information of up to 500 million people or the 12 million patient records stolen through the Quest Diagnostics breach, cyberattacks tend to have one thing in common—they almost all involve identity deception perpetrated against specific individuals. And that means they almost always start with email.

Mission Impersonate for Data Access

The fact is, email is still the most popular tool for business communication and collaboration. But most email security systems are falling short in protecting organizations against fraud.

Today, up to 94% of data breaches start with an email reaching a well-placed target. And while you may think this number is excessively high, we’re not talking about the typo-laden phishing email attacks of the early 2000s.

Cybercriminals now produce flawlessly crafted messages capable of deceiving virtually anyone. They’ve also come to understand something far more critical to their success—you’re much more likely to be fooled into disclosing sensitive information or downloading dangerous malware if you’re reacting to a trusted colleague or someone you wish to impress.

Take the current trend in file-sharing email fraud. According to CSO, cyberthieves are increasingly leveraging information from social media to target corporate employees and then posing as colleagues and sending them file-sharing phishing emails from OneDrive and other popular cloud services.

Embedded links within the emails lead recipients to fake sign-in pages, where they’re prompted to enter their personal credentials. Attackers then leverage those credentials to hijack the real accounts of victims, where they can steal valuable information, access contact lists, and launch ever-more devastating attacks.

The problem is that most email security solutions can’t detect this kind of fraud because the login page is hosted on a compromised website with a good reputation.

Advanced Email Attacks: Personalized & Pernicious

Most identity deception-based email attacks increasingly follow a similar playbook. First, they leverage popular cloud services in order to make infrastructure reputation less reliable. After all, it’s not as if organizations can simply blacklist the likes of Google or Microsoft, since they also send a large amount of legitimate email.

Second, they appear to come from identities and brands the target trusts. Think simple display name ploys, where fraudsters insert a trusted identity within the “from” field within Gmail and Yahoo so it appears to be legitimate. Or domain spoofing, which involves displaying a legitimate email address, which is possible when organizations do not secure their brands from cybercriminals. But that’s not all.

In a look-alike domain email attack, criminals substitute, say, “” for an actual domain, like “,” to send fraudulent invoices. And then there are account takeover attacks, which originate from legitimate (but compromised) accounts and are notoriously difficult to detect, since there is little indication that the emails are not from who they claim to be from.
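The display-name and look-alike-domain ploys described above can be checked from the From header alone. The following is an added example, not code from the original post or from any vendor; the directory of protected identities, the `example.com` domain, the two-edit threshold and all function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed directory of protected identities: display name -> real address.
TRUSTED = {
    "pat example": "pat@example.com",
    "accounts payable": "ap@example.com",
}
TRUSTED_DOMAINS = {"example.com"}  # assumed organizational domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_from(header: str) -> str:
    """Label a From header value by the deception technique it matches, if any."""
    name, addr = parseaddr(header)
    name = " ".join(name.lower().split())  # normalize case and whitespace
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # Look-alike domain: not a trusted domain, but within two edits of one.
    if domain not in TRUSTED_DOMAINS:
        if any(edit_distance(domain, good) <= 2 for good in TRUSTED_DOMAINS):
            return "look-alike-domain"
    # Display-name deception: a protected name on an address that is not theirs.
    if name in TRUSTED and addr != TRUSTED[name]:
        return "display-name-deception"
    # An exact trusted address passes here. Exact-domain spoofing and account
    # takeover are invisible to this check and need DMARC and behavioral signals.
    return "ok" if domain in TRUSTED_DOMAINS else "unknown-sender"
```

Plain edit distance does not catch Unicode homoglyph domains, which would need a separate normalization step.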

Whatever the technique, the highly personalized messages within these emails are designed to be indistinguishable from everyday business email—rendering traditional content analysis ineffective. The goal is to manipulate the recipient into taking some action or disclosing some piece of information that they assume will be safe, and unfortunately, they are more successful than we’d like.

Stemming the tide of such attacks won’t be easy.

Securing the New Perimeter Against Phishing Attacks

Security awareness and phishing training can help employees detect some of these new forms of email attacks. But the quality and sheer volume of new email schemes mean that will only go so far.

And yes, Domain-based Message Authentication, Reporting and Conformance (DMARC) can help stop domain spoofing and brand hijacking. But 97% of companies have yet to set up policy parameters to optimize effectiveness. And even then, DMARC doesn’t protect against all the attacks that target employees and partners.
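To make "policy parameters" concrete: a DMARC record only blocks spoofed mail when its `p` tag is `quarantine` or `reject` and applies to all messages. The following is an added example, not code from the original post; it uses the tag names from RFC 7489, while the sample records, the verdict labels and the function names are constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into a {tag: value} dict with lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> str:
    """Return a verdict on how much spoofing protection the record provides."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in VALID_POLICIES:
        return "invalid"
    try:
        pct = int(tags.get("pct", "100"))  # share of mail the policy applies to
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    if policy == "none":
        return "monitor-only"  # reports are sent, spoofed mail is still delivered
    if pct < 100:
        return "partial-enforcement"
    # sp overrides p for subdomains; when absent, subdomains inherit p.
    if tags.get("sp", policy).lower() == "none":
        return "subdomains-unprotected"
    return "enforced"


# Constructed sample records, weakest to strongest.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25",
    "v=DMARC1; p=reject; sp=none",
    "v=DMARC1; p=reject; adkim=s; aspf=s",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(f"{assess_dmarc(rec):24} {rec}")
```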

It’s also unclear how many organizations are deploying machine learning technologies with the kind of modeling and analytics capabilities needed to go beyond content analysis and infrastructure reputation to assess people, relationships, and behaviors and put an end to the identity deception-based email attack.

As it stands now, there probably aren’t enough of them. Cybercrime is only continuing to increase as criminals become smarter, so we must be prepared to take a stand against them. All this to say, we better hope more organizations move beyond just securing that “back window” on the perimeter—and stop the endless stream of identity-based email attacks flowing through their front door.

To learn more about identity deception and the rapidly evolving threat from email attacks, download our report on the latest trends in email fraud.
