Scammers Target Wall Street in New Capital Call Fraud Schemes, Reveals Investigation by Email Security Firm Agari

  • Capital call payment scams target on average more than $800,000 in wire transfers
  • 333% increase in payroll diversion scams as attackers evolve their tactics
  • 61% of phishing threats reported by employees are false-positives
  • 5.8 Billion malicious emails crafted by scammers spoof corporate URL domains
  • Use of BIMI by companies jumps 82%

FOSTER CITY, Calif. and LONDON (March 3, 2021) -- Agari, the Trusted Email Identity Company™, revealed today the results of a six-month analysis into the threat landscape, corroborating claims that the email channel is the most popular vector scammers use. Capital Call Investment scams are the newest form of fraud that scammers are using to swindle Wall Street firms and their clients out of an average of $800,000 per incident.

The study, titled Agari H1 2021 Email Fraud and Identity Deception Trends Report, also shows that the cyber threat landscape is saturated with credential phishing scams and payroll diversion attacks while corporate security operation centers (SOC) are getting pummeled by employee false-positive phishing reports.

“Cyber criminals have once again shifted their tactics, increasing their use of payroll diversion, targeting remote workers, and impersonating financial firms with new capital call scams looking for bigger payouts,” said Agari CMO Seth Knox. “While businesses have increased their use of cyber security defense, more needs to be done to prevent BEC scams, prevent email identity deception, and automate the response to phishing incidents and security breaches.”

Email security is returning to the middle of the bullseye for CISOs because of ongoing trends, like remote and distributed workforces that were spurred by the COVID-19 pandemic. Plus, financially-motivated scammers continue to innovate by finding new ways to take advantage of any vulnerability in the money system.

Capital Call Email Scams Emerge
In emails to targets, business email compromise (BEC) actors masquerade as an investment or insurance firm requesting funds from an investor to be transferred in accordance with an investment commitment. Because of the nature of such transactions, the payments requested are significantly higher than those sought in most wire transfer scams. The average payout targeted in capital call schemes: $809,000. Below is one of the scammer’s emails for this scam.

Payroll Diversion Fraud Skyrockets
The shocking 333 percent increase in payroll diversion attacks over the last half of 2020 indicates BEC actors have pivoted back to these types of attacks. Payroll diversion attacks had been on the decline throughout the first half of 2020 due to the implementation of mitigation controls that minimized the effectiveness of their preferred mule accounts and a shifting focus on other types of fraudulent activities, like unemployment fraud. Scammers have adapted their tactics to overcome these defenses by switching to other types of mule accounts to receive their stolen proceeds, like Green Dot prepaid cards and CashApp.

DMARC and BIMI Adoption Increases
Global DMARC adoption, which protects emails against impersonation of a business brand and domain, leapt 32 percent during the second half of 2020. While that is progress, it looks like the Fortune 500 are still slow to implement it. The number of Fortune 500 companies to deploy DMARC rose only modestly—including a 4 percent increase in domains with DMARC set at its most aggressive level of protection. This lack of deployment, which leaves the biggest companies in the world at risk, continues to be a puzzle as domain spoofs by scammers escalated to 5.8 billion during the six-month timeframe of this study.

A ray of sunlight exists, though, with the increased adoption of Brand Indicators for Message Identification (BIMI). Our assessment shows an 82 percent rise in the number of brands adopting BIMI at a time when the email channel is more crucial than ever. BIMI is a visual indicator, usually a company logo, that shows the email a consumer is receiving really comes from that brand.

SOC Analysts Walloped
The numbers are staggering when it comes to the daily grind SOC analysts are under. Data culled from large organizations across industries showed that 65,898 potential phishing attacks were reported by employees to company SOCs. Of those reported, 61 percent were investigated and deemed non-malicious, or false positives. SOC analysts are spending more time on non-threats than on true threats. The pace of automation in the SOC needs to triple in 2021 to reduce threats, slow SOC employee turnover, and protect companies more efficiently. The study shows that organizations with automated phishing response processes detect 88X the number of similar malicious messages exclusively reported by employees, freeing analysts’ time to work true threats.

Register for the upcoming Trust 2021 cybersecurity industry event where sessions will cover data science and security, automation, security awareness and training, and supply chain cybersecurity.

Additional Resources:
Report: H1 2021 Email Fraud & Identity Deception Trends Report
Blog: Agari Report: New BEC Scam 7X More Costly Than Average, Bigger Phish Start Angling In
Webinar (March 17): H1 Email Fraud and Identity Deception webinar

About Agari
Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks. Using applied data science and a diverse set of signals, Agari protects the workforce from inbound business email compromise, supply chain fraud, spear phishing, and account takeover-based attacks, reducing business risk and restoring trust to the inbox. Agari also prevents spoofing of outbound email from the enterprise to customers, increasing deliverability and preserving brand integrity. Learn more at agari.com.

Media Contact
Seth Knox
Chief Marketing Officer, Agari
+1 650-454-9499