Markus Jakobsson: My work at Agari now is to identify the trends, preferably, before they even start becoming noticeable to others and identify how to block them.
Sramana Mitra: What kind of customers are primarily using Agari?
Markus Jakobsson: A large number of companies use a product that blocks scammers from spoofing companies. Many of them are in the financial sector, or are insurance companies and health service providers. The set of enterprise customers who use the second product in order to protect themselves and their own enterprise users is slightly smaller, but is largely the same.
Mostly, it’s large companies in the financial sector and the health insurance sector. Those are companies that are often the target of the attackers. That’s where the big money is. That’s where they go first. These are companies that are well-organized. Therefore, they realize that they need to protect themselves before it actually does happen.
You must have read the recent reports about companies that have suffered business email compromise that belong to other sectors. Some are small companies. Some are not tech companies. The unifying thing is they’re all vulnerable, so we’re expanding in these markets and signing up companies who realize that even though they are not a financial company, they are also at risk.
Sramana Mitra: What would be interesting to do is double-click down to how you do what you’re doing. You started off by saying that you look for what a good email looks like and then you look for anomalies in that.
Markus Jakobsson: Let me give you a concrete example of that. Say that you and I exchange emails for several weeks. You ask me questions and I give you answers. I ask you questions and you give me answers. We have a conversation. Our email service providers and the email filters that I’m speaking of would identify that there’s some kind of working or trust relationship between you and me.
One day, you receive an email from a person whom you’ve never received an email before, but with the same display name as my display name. This doesn’t mean that it’s a bad email. One is that it could be my personal email account. Another possibility is it’s somebody else with my name. My name is somewhat unusual just like yours, but it could happen.
The third possibility is that it’s somebody who’s trying to impersonate me. The system then identifies that this is a high-risk email. It doesn’t mean that it’s bad. You can’t block an email based on this, but you can escalate the scrutiny of it. Those are the kinds of things that the Agari system does. It identifies increased risk and then forms additional actions on that. That is what helps save people from this type of abuse in which one person’s identity is used by another person.