The top finding shows that fraudsters deployed phishing campaigns using identity deception techniques that impersonate trusted brands or individuals, at record frequency. Identity deception-based attacks accounted for 62 percent of all advanced email attacks from July through to September 2019. These percentages are up in the aggregate and the composition of these deceptions is in flux. Two identity deception attacks are favoured among email fraudsters: Phishing campaigns impersonating brands, which dropped six percent quarter-over-quarter, and phishing campaigns impersonating individuals, which rose to 22 percent, compared to just 12 percent in the previous quarter.

"Malicious emails impersonating well-known brands are generally associated with credentials-harvesting schemes," said Patrick R. Peterson, founder and CEO, Agari. "And those spoofing trusted individuals are typically linked to more sophisticated, social engineering-based business email compromise attacks."

A two percent decline in attacks launched from hijacked email accounts occurred this quarter, perhaps due to cybercriminal organisations spending the early part of this year in full intelligence-gathering mode, gearing up for more lucrative, business email compromise (BEC) attacks to come.

The recent rise in email attacks spoofing trusted individuals augers a period of heightened risk from BEC and other highly-sophisticated email scams in the months ahead.

Other findings include:

Payroll diversions now account for one in four BEC cons, up five percent during the last three months

DMARC adoption soared 49 percent in past year, but 84 percent of Fortune 500 still remain at risk of brand abuse and phishing attacks of customers

Employee-reported phishing incidents jumped six percent over the past 90 days; at the same time, the false-positive rate increased too, to seven percent.

