Agari: Business Email Compromise the Most Lucrative Form of Email Attack

A report from the email security vendor Agari provides new insights into the tactics used by cybercriminal groups to conduct email attacks and the extent of global email fraud. While many email-based attack methods are used, business email compromise (BEC) is the most lucrative for criminals and BEC attacks are the costliest for companies.

The Agari report was released days after the FBI published figures on the cost of Internet crime in its IC3 2017 Internet Crime Report. The FBI notes that losses from Internet crime have now reached record levels, with BEC attacks alone resulting in $675 million in losses in 2017 – a 300% increase from 2014 figures.

Business email compromise is a technique used to fool employees into emailing highly sensitive employee information or to make fraudulent wire transfers to criminals’ bank accounts. The attacks involve compromising an email account of an executive and sending email requests to employee’s posing as the account owner.

It is only recently that criminals started using BEC to attack companies. The trend was only identified in 2016. However, the significant rewards when attacks succeed and the high success rate has made the technique incredibly popular with cybercriminals. Last year, BEC attacks accounted for almost a quarter of all email-based attacks and resulted in the highest losses for business of any email-based attack method.

In its report, “Behind the ‘From’ Lines: Email Fraud on a Global Scale”, Agari explains that while governments are focused on nation-state attacks from the likes of China and North Korea, by far the biggest problem area is Africa, with 90% of all criminal email groups operating out of Nigeria.

For the report, Agari analyzed 59,652 emails from 78 criminal email accounts and tied those accounts to social media profiles and personal registrations to gain insights into the true identities of the scammers.

The report shows that cybercriminal groups operating out of Nigeria are extensively targeting U.S. business and BEC is the most popular type of attack. Out of 100 initial email probes there is a 32% response rate and 0.37 victims for each 100 email probes sent.

The technique is most commonly used to convince employees to make fraudulent wire transfers, with the requests for payments ranging from $1,500 to $200,000. The average transfer request is $35,000. “Business email compromise has become a pervasive threat — it is the most popular, the most effective, and the most damaging of all of the attacks we research,” said founder and executive chairman, Agari, Patrick Peterson.

Romance scams are also popular and effective. The initial response rate is 72%, with 0.13 victims per 100 probes. Romance scams account for 11% of all email-based attacks. Considerable effort is invested in these scams and for good reason. Once a victim is hooked, they can be extorted over several years. The report highlights one cybercriminal who sent more than 1,500 messages to a victim over six years and managed to obtain more than $500,000.

Malware is also extensively used in attacks on businesses. The report highlights one cybercriminal operating out of Kenya who has been targeting real estate firms, first compromising email accounts by sending malware-infected documents then using those accounts to conduct ATO-based escrow scams.

Email-based attacks are highly lucrative, there is a relatively low chance of being caught, and the attacks often require little skill to conduct. The attacks will therefore not stop. However, by implementing advanced email security solutions, it is possible to block the majority of email threats and significantly reduce risk.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of