• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

3

The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win

1

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch

2

MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year

3

The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
TechCybersecurity

How an Ex-Twitter Adman Plans to Squash Business Email Compromise, One of Tech’s Most Pernicious Threats

Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
November 19, 2019, 9:00 AM ET
Evan Reiser, CEO and cofounder of Abnormal Seucirty (left) beside Sanjay Jeyakumar, his cofounder and chief technology officer. Courtesy of Greylock Partners
Evan Reiser, CEO and cofounder of Abnormal Seucirty (left) beside Sanjay Jeyakumar, his cofounder and chief technology officer. Courtesy of Greylock PartnersCourtesy of Greylock Partners
Add Fortune on Google for similar content.

In spring of 2017, Asheem Chandna was sitting in a meeting at the Silicon Valley offices of Greylock Partners, the venture capital firm where he works as an investor, when he learned someone had hijacked his identity.

On the other side of the country, a junior member of Greylock’s finance department in Boston had been exchanging email messages with a person he thought was Chandna. The request, which originated from Chandna’s email address, seemed believable enough: Wire $400,000 to a bank account in Singapore. The scheme unraveled when the employee sought to confirm the transfer with his boss, Greylock’s chief financial officer.

The finance chief spotted something fishy. He noticed the style of writing did not conform to that of the supposed author. Not to mention, Chandna would never make such an odd request, the finance boss thought. It quickly became clear: A hacker had infiltrated his colleague’s inbox. “Basically, somebody was in my email account, live, right then,” Chandna recalls.

Chandna—who specializes, ironically enough, in cybersecurity—was the target of an increasingly prevalent internet scam called “business email compromise.” The ploy involves fraudsters impersonating targets, whether by hacking or spoofing email accounts, and then tricking their contacts into forking over loot. Frequent prizes include unauthorized transfers of funds or documents such as wage and tax forms.

The compromises have gotten so out of control that the Federal Bureau of Investigation warned in a September bulletin that between May 2018 and June 2019 actual and attempted losses reported by victims doubled. Between June 2016 and July 2019, tens of thousands of companies have reported more than 160,000 incidents totaling $26 billion in actual and attempted losses, the bureau said. (And those figures only include publicly reported cases, meaning they’re likely conservative.)

Luckily for Greylock, Chandna’s team discovered the fraud and reclaimed control of his inbox before any funds flowed to Singapore. But not everyone is so lucky. In 2015, a San Jose-based tech firm, Ubiquiti Networks, said it lost $47 million in a similar attack. A year later, Austrian aerospace firm FACC lost the same amount in a fiasco that ultimately cost both the company’s chief executive and finance officers their jobs. Many others have fallen prey too—including Facebook and Google.

“Email is the lifeblood for most companies and it continues to be a key vector for attack,” Chandna tells Fortune. Having come face to face with the problem, he became convinced that more needed to be done to combat the growing threat. And like any good investor, he sensed a business opportunity.

Never let a crisis go to waste

Soon after the email compromise, Chandna found a receptive ear on Evan Reiser, then a product manager at Twitter responsible for its $2 billion-per-year ad business.

The men had prior ties. Greylock had been a major investor in TellApart, the advertising tech firm that had bought Reiser’s own small, personalized ad tech startup, AdStack, in 2013. Two years later, Twitter acquired TellApart for $532 million in what remains the microblogging site’s biggest deal to date—earning Greylock a pretty penny for its early bet.

But Twitter’s TellApart purchase didn’t pan out as hoped. In the months that followed, Twitter’s digital ad business faltered, and the company struggled to rally against the likes of a Google and Facebook duopoly. Year-over-year revenue declined to $638 million in the fourth quarter of 2016 from $641 million in the fourth quarter of 2015—a miss the company attributed to slippage at TellApart. In early 2017, Josh McFarland, formerly TellApart’s cofounder and CEO and then Twitter’s vice president of product, left to become a VC at Greylock, where he had initially incubated TellApart. A year later Reiser followed in McFarland’s footsteps—not as a Greylock investor, but as an “entrepreneur in residence.”

A major factor in Reiser’s decision to tackle the challenge of business email compromise was, he says, reading a Fortune investigation that found Google and Facebook were the victims of $100 million worth of scams crafted by a single Lithuanian man. That such sophisticated organizations could fall prey to such seemingly simple fraud “blew my mind,” Reiser says.

Since joining Greylock in April 2018, Reiser has been quietly building Abnormal Security, a startup that aims to put the kibosh on the very hacker tactics that nearly got the better of its investor. Greylock has poured $24 million into the startup in the hopes that it will counter the scourge—one which research firm Gartner listed this year among its top 10 priorities for the cybersecurity industry.

How to tell hackers apart

What do selling ads and combatting hackers have in common? Turns out a lot, Reiser says.

“We’re taking the same data science techniques we borrowed from the advertising industry to model behavior and look for abnormal patterns,” he says, explaining the company’s methodology as well as its name. “We suck up all the data inside an IT security system to create profiles of who employees are and what is their expected behavior, to look for suspicious behaviors indicative of frauds or scams.”

The tells are many. Abnormal uses machine learning-based algorithms to sort data into three buckets—identity, content, and relationships. Some key clues for sussing out imposters include unfamiliar domain names or IP addresses (identity), uncharacteristic writing styles or urgent payment requests (content), and frequency and type of communications expected between various contacts (relationships). Abnormal’s product parses “thousands of data points,” Reiser says, which feed each category and determine when a confluence of unlikely factors indicates mischief.

“All these things, individually, could happen 5% of the time, but the chances of all three happening at the same time is zero,” Reiser says, conjuring a hypothetical example.

Customers don’t need to wait long to benefit from Abnormal’s protections. The company’s product can ingest years’ worth of email records contained in archives, plot its baselines, and get up to speed within minutes, Reiser says. The product works with Microsoft 365 or Google’s G Suite, popular enterprise email services. So far Abnormal has 50 employees and a dozen customers, including Xerox and Vistra Energy, a Texas-based power company.

Ryan Kalember, head of cybersecurity strategy at Proofpoint, an incumbent email security firm, describes business email compromise as “probably the most expensive problem in all of cybersecurity,” surpassing even ransomware as a cause of cyber insurance claims. Kalember says Proofpoint has been prioritizing the threat for years by releasing products that specifically aim to address it and by, generally, funneling 20% of the company’s annual revenue into R&D.

But some customers see room for improvement. Joseph Kamau, chief security officer of Freedom Financial Network, a financial services provider based in San Mateo, Calif., says fewer social engineering attacks are landing in employees’ inboxes since the company began supplementing Proofpoint’s products with Abnormal’s. Impersonations that used to slip through the cracks no longer are, he says.

Much like in his advertising days, “the core technology is around understanding and predicting the behavior of people,” Reiser says. But the ambition goes beyond money. “For me, personally, I wanted to start the company to go solve a problem I think is meaningful,” he says.

“Greylock backed this company because we personally experienced a business email compromise attack,” Chandna says. And though many of his peers and other companies don’t like to admit it, “I know we’re not unique in that.”

More must-read stories from Fortune:

—Why the Midwest is a hotbed for innovation
—Nintendo’s Switch Lite helps capture new audiences—women and families
—A new Motorola Razr—and its folding screen—could bring phone design back to the future
—Most executives fear their companies will fail if they don’t adopt A.I.
—How giving thinkers and tinkerers room to experiment builds a better company
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.

About the Author
Robert Hackett
By Robert Hackett
Instagram iconLinkedIn iconTwitter icon
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

How foodservice giant Sodexo is embracing AI and robotics to reshape the kitchen
NewslettersCIO Intelligence
How foodservice giant Sodexo is embracing AI and robotics to reshape the kitchen
By John KellJuly 1, 2026
14 hours ago
Anthropic CEO Dario Amodei
AIAnthropic
Anthropic’s AI models are back online after a two-week government standoff—settling the company and administration into a fragile truce
By Tristan BoveJuly 1, 2026
14 hours ago
Nikesh Arora, chief executive officer at Palo Alto Networks
SuccessJobs
CEO of $248 billion cybersecurity company says workers are about to face a ‘Darwinian moment’ thanks to AI: Evolve or get cut
By Emma BurleighJuly 1, 2026
16 hours ago
Current price of Ethereum for July 1, 2026
Personal FinanceEthereum
Current price of Ethereum for July 1, 2026
By Joseph HostetlerJuly 1, 2026
18 hours ago
In this photo illustration, a Cisco logo is displayed on a smartphone with Artificial Intellingence (AI) symbols in the background.
AICFO Daily
Cisco is rolling out AI agents to every single one of its 90,000 employees
By Sheryl EstradaJuly 1, 2026
18 hours ago
senate
CommentaryCongress
One rare bipartisan AI bill is moving through Congress. Here’s why it deserves to pass
By Neil Björkman and Betsy BrewerJuly 1, 2026
20 hours ago

Most Popular

As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
Big Tech
As Big Tech showers employees with perks to win the talent war, Nvidia built a nearly $5 trillion company by making people pay for their own lunch
By Marco Quiroz-GutierrezJuly 1, 2026
24 hours ago
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
Success
MacKenzie Scott alone accounted for one-third of America's $19.2 billion in megagifts last year
By Sydney LakeJune 25, 2026
7 days ago
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
Newsletters
The Supreme Court's birthright citizenship ruling hands the U.S. economy a $7.7 trillion win
By Diane BradyJuly 1, 2026
22 hours ago
Current price of oil as of July 1, 2026
Personal Finance
Current price of oil as of July 1, 2026
By Joseph HostetlerJuly 1, 2026
18 hours ago
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
Success
Philanthropy leader at Warren Buffett and Bill Gates’ Giving Pledge says children of billionaires are pushing them to give their wealth away faster
By Preston ForeJune 27, 2026
5 days ago
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
Success
Elon Musk on MacKenzie Scott giving away $26 billion of her fortune: 'Sadly,' it makes the world a worse place
By Sydney LakeJune 29, 2026
3 days ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.