H1 2021 Email Fraud & Identity Deception Trends

Call it a case of locking the back window while leaving the front door wide open. A year into the pandemic and amid successful attacks on GoDaddy, Magellan Health, and a continuous stream of revelations about the SolarWinds “hack of the decade,” cyber-attackers are proving all too successful at circumventing the elaborate defenses erected against them. But despite billions spent on perimeter and endpoint security, phishing and business email compromise (BEC) scams continue to be the primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc. In addition to nearly $7.5 billion in direct losses each year, advanced email threats like the kind implicated in the SolarWinds case suggest the price tag could be much higher. As corroborated in this analysis from the Agari Cyber Intelligence Division (ACID), the success of these attacks is growing far less reliant on complex technology than on savvy social engineering ploys that easily evade most of the email defenses in use today.