Not all email scams are obvious, and Abnormal Security just announced that it has raised a $210 million Series C at a $4 billion valuation to help business weed out problematic messages more efficiently.
The round — led by Insight Partners and including Greylock Partners and Menlo Ventures — brings its total funding to $284 million. Its valuation has increased by more than six-fold since its Series B in 2020, when it was valued at $600 million, according to PitchBook.
Founded in 2018 by CEO Evan Reiser and CTO Sanjay Jeyukamar, the San Francisco startup uses artificial intelligence and machine learning to identity all forms of suspicious emails from traditional spam and phishing to malware, ransomware, internal compromises and social engineering.
Rather than sending recipients generic phishing scams, socially engineered scams attempt to trick users into handing over sensitive information like passwords, or even initiate bank transfers themselves, by impersonating other trusted people.
This type of scam, also called a "business email compromise," was estimated to cost businesses more than $2 billion in losses last year, according to a 2021 report on internet crimes from the FBI.
Another recent FBI alert says that these scams have increased 65% over the past couple of years. From July 2019 to December 2021, total global exposed losses (actual and attempted losses combined) exceeded $43 billion, the alert said, and complaints involving cryptocurrency have been increasing.
Abnormal Security says it counts companies like Xerox, Hitachi Vantara, Urban Outfitters, Groupon, Royal Caribbean International and Auto Club Group-AAA as customers, and plans to use this new funding to support its growth particularly in Europe and Asia.
“There is simply too much data for humans to analyze and determine what’s real and what’s a threat. We invested in Abnormal because it is uniquely positioned to protect organizations' email in the cloud with its AI-driven approach," Insight Partners co-founder Jeff Horing said in a statement. "Secure email gateways can no longer reliably secure email, with many organizations having moved to the cloud and modern attacks successfully evading them. What worked 20 years, or even 10 years ago, is no longer applicable.''
Some scammers are even using deep fake audio tools to impersonate executives and trick unsuspecting staffers, AP News reported in April. And organizations of all sorts have been targeted by an array of business email compromises including non-profits and government agencies.
Social engineering scams don't always directly target an organization's own financial accounts, though. In 2020, one or more Twitter employees were duped in a cryptocurrency scam that allowed the scammers to take control of several high-profile, verified accounts and post messages directing other users to deposit bitcoin into a wallet. In return, the posts said, they would send each user back double the amount.
Three people, including two teenagers, were ultimately charged with stealing $118,000 worth of bitcoin through the scam.
Abnormal Security had 50 employees in 2018, as we reported after its Series A round, and the company now has more than 300 employees, according to Forbes.
