"The ghosts of previous investments were in the room."
Pat Peterson has a tenacious impersonator.
Every few weeks a cybercriminal spoofs an email pretending to be him. The would-be crook attempts to dupe the finance department of Agari, the email security startup Peterson co-founded in 2009, to wire tens of thousands of dollars to a certain bank account, the chief exec tells Fortune. The office has a nickname for the indefatigable imposter: “Bad Pat.”
“He’s my alter-ego, my Bizarro-criminal nemesis,” says Peterson, whose San Mateo, Calif.-based firm sells software to protect organizations from such email-based cyberattacks. In this case, Peterson’s team lets the flagged messages reach internal inboxes so that its recipients can try to trick the hacker into revealing more information about him or herself.
“We have fun trying to bait him,” Peterson says, mentioning that they’ll tell the attacker they’ve sent the requested money, and did he receive it yet? “It’s completely amusing to us.”
Get Data Sheet, Fortune’s technology newsletter.
Agari, whose tech aims to solve the email phishing problem through a combination of data science, network and domain mapping, and buffered email security protocols, said Tuesday it raised $22 million in a Series D round of funding. So far the company has raised about $45 million total.
Norwest Venture Partners, which previously invested in the cybersecurity firm FireEye feye , led the funding round. Other participants included the firm’s six existing investors, which consist of Greylock Partners, Alloy Ventures, Battery Ventures, First Round, Scale Venture Partners, and angel investor Scott Banister, a co-founder of Cisco-owned csco cybersecurity firm IronPort. (Peterson previously served as vice president of technology at IronPort and was a fellow at Cisco before spinning out his start-up.)
Email phishing scams like the one described above are known as business email compromise, wherein fraudsters mimic execs and business partners in order to trick employees at an organization into giving up money, or other valuable assets like W-2 tax forms, which contain information useful for stealing identities. Other email-based attacks include ransomware campaigns, which encrypt computer data and extort users, and targeted compromises that deliver advanced persistent threats, hackers determined to pull off more insidious kinds of data breaches.
The Federal Bureau of Investigations estimates that since January of last year, incidents of business email compromise—”Bad Pat’s” go-to racket—grew by 270%, resulting in more than $2.3 billion lost. (And those are just the ones that the law enforcement agency knows about.)
Despite the gravity and growing prevalence of the situation, Peterson said his company had a harder time raising funding this round. “The trepidation and ghosts of previous investments were in the room,” Peterson said of his meetings with investors. “I could tell it was scary time for them.”
For more on cybersecurity startup funding, watch:
“We were lucky that this problem was literally exploding in the front page of publications and CISOs’ [chief information security officers’] emails every day” he said, adding: “I have no complaints, though I was hoping to get my own spoonful of irrational exuberance.”
Cybersecurity, once the hottest of sectors for venture capital deals, has entered a slump recently. Last year investors poured $3.3 billion into computer security startups, according to the market research firm CB Insights. The latest figures have not kept pace.
Peterson described the latest fundraising process as involving nearly unprecedented levels of due diligence, and a protracted process of circling back with CISO after CISO and customer after customer for validation. “We’re seeing a lot of partners around the table applying scrutiny to deals in ways they hadn’t done since the 2001 disaster.”
Rama Sekhar, partner at Norwest Venture Partners, said in a statement that the firm regularly interviews security chiefs before inking deals. “We consistently heard from these customers that major breaches were being attributed to targeted phishing attacks,” he said. “When we searched for an investment opportunity in today’s crowded security market that had a proven technology to meet this challenge, along with a track record of reliability, continued innovation, and high customer satisfaction, Agari stood alone.”
Agari last year doubled its headcount to 70 employees and has now has more then 100 customers, Peterson says. The firm counts JPMorgan Chase jpm and PayPal pypl among its customers. (The startup helped pioneer the email security standard known as DMARC (or Domain-based Message Authentication Reporting and Conformance), with PayPal, Yahoo yhoo , and Google goog .) Other companies in the email protection arena include Proofpoint pfpt and startups GreatHorn and Valimail.
Peterson said he was happy with the funding raise, though he had expected to see more investment froth. “It was a really intense process with a lot of people with fear in their eyes,” Peterson said, mentioning that he had been “hoping for more green in their eyes.”
“Winter has arrived in the funding environment,” Peterson added. “And there have been some significant casualties already.”