Blog

Blog

Phishing: How to Protect Against Email Attacks Sent from Compromised SendGrid Accounts

Blocking SendGrid email traffic isn't a realistic option for most businesses hit by a barrage of phishing attacks emanating from compromised accounts at the Twilio-owned email service provider in recent months. Instead, Agari leverages a strategic data modeling approach to neutralize the threat while enabling legitimate SendGrid-distributed emails to safely reach employee inboxes. More on that in...
Blog

Brand Indicators for Message Identification (BIMI) Adoption Soaring to New Heights

For a growing number of email marketers, it may be "BIMI or bust." As of June 30, nearly 5,300 companies have adopted Brand Indicators for Message Identification ( BIMI ), a new email standard for showcasing a brand's logo next to its email messages in recipient inboxes, with built-in protections against phishing-based brand spoofing. The tally reflects a 3.8X increase in the number of brands...
Blog

Why Full DMARC Protection is a Pressing Business Imperative in 2020 and Beyond

If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand from being impersonated in phishing scams, there are pressing reasons to jump on it now. Without a doubt, these are extraordinary times for individuals and organizations alike as we've been forced to change the way we work, shop, play, and live seemingly overnight, and for far...
Blog

Implement DMARC for Trust Before Google AMP for Email

With marketers more dependent on digital channels, many may accelerate their tests of Google's AMP for Email technology in search of an edge. But without an email protocol called Domain-based Messaging Authentication, Reporting and Conformance ( DMARC ), fraudsters could weaponize the trust customers expect from your brand for their own evil intentions and put consumers and businesses at risk. The...
Blog

Employee-Reported Phishing Attacks Climb 65%, Clobbering SOC Teams

Scams related to COVID-19 helped fuel a 65% increase in employee-reported phishing attacks during the first half of 2020, according to our mid-year Phishing Incident Response Survey of SOC professionals at 13 large organizations spanning a cross-section of industries. Even before the outbreak, phishing was implicated in nearly 7 in 10 corporate data breaches, prompting many organizations to arm...
Blog

DMARC Adoption Slows, 80% of Fortune 500 Email Senders Remain Unauthenticated

The first half of 2020 saw 25 additional Fortune 500 companies adopt Domain-based Messaging, Reporting & Conformance (DMARC)—bringing the total to 20% of organizations within the index, according to our H2 2020 Email Fraud and Identity Deception Trends Video . Which is salutatory, to be sure. But it means 80% of the world's biggest companies haven't adopted the standard email authentication...
Blog

Phishing & BEC Scams Soar 3000%: Agari H2 2020 Email Fraud and Identity Deception Trends Report

Coronavirus-related phishing attacks and business email compromise (BEC) scams skyrocketed 3,000% from mid-March through early June, according to mid-year analysis from the Agari Cyber-Intelligence Division (ACID). As chronicled in our H2 2020 Email Fraud & Identity Deception Trends Report , the year began with expectations of record-breaking profits for email threat groups—long before most of us...
Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance ( DMARC ) controls to impersonate CEOs in business email compromise (BEC) scams worth millions. As detailed in our new threat actor dossier on a group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has identified...
Blog

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords. As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has...
Blog

Cosmic Lynx: A Russian Threat Hits the BEC Scene

“At some point, Russian and Eastern European cybercriminals are going to start thinking to themselves, ‘Why am I spending all of this time and money setting up infrastructure and hiring malware developers when I can just send someone an email, ask them to send me money, and they’ll do it.’” For more than a year, this is a line we have used over and over again, expecting that some of the world’s...
Blog

Agari Summer '20 Release: CISOs Gain Unique Threat Intel to Their Organizations

With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is. In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations...
Blog

Forrester: Agari Phishing Defense Works a 97% ROI Over Three Years

A new Total Economic Impact (TEI) Study from Forrester finds that Agari Phishing Defense™ (APD) delivered results 36% faster than competing solutions, and results in a 97% ROI in just three years. But it turns out that's just the warm-up act. TEI reports are designed to help organizations accurately evaluate potential IT initiatives. In this instance, we commissioned the study so Forrester...
Blog

Phishing: With Zero-Day Email Attacks Rising, Are Some Companies Giving Up the Fight?

Amid a troubling rise in zero-day phishing attacks, recent research suggests that some companies may be making an ill-advised shift away from blocking advanced email threats to responding to them post-delivery. If true, the capitulation couldn't come at a worse time. Since January, cybercriminals taking advantage of the COVID-19 outbreak have been targeting businesses and individuals with an...
Blog

Preventing Phishing Attacks:  The Dangers of Two-Factor Authentication

Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.
Blog

Business Email Compromise (BEC): W2 Scams Make an Unexpected Comeback in 2020

After barely registering a pulse last year, W2-based business email compromise (BEC) scams are back with a vengeance thanks to coronavirus-related business upheaval. With the 2019 tax filing deadline pushed back to July 15, 2020, and as much as 66% of all corporate employees working from home, operations for many companies have been anything but business as usual. Still we are surprised to see a...
Blog

Scattered Canary Cybercrime Ring Exploits the COVID-19 Pandemic with Fraudulent Unemployment and CARES Act Claims

Recently, news broke about how a sophisticated Nigerian cybercriminal organization has been committing mass unemployment fraud against a number of states, including Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming. Based on information uncovered by the Agari Cyber Intelligence Division, some, if not all, the actors behind these fraudulent schemes are likely...
Blog

Hosted DMARC: Accelerating Protection Against Email-based Brand Jacking Scams

The coronavirus pandemic is shining a spotlight on the importance of hosted Domain-based Message Authentication, Reporting, and Conformance ( DMARC ) to prevent cybercriminals from hijacking an organization's domains to launch phishing attacks that put the public at risk. A case in point - the World Health Organization (WHO). The UN's international public health agency has been issuing warnings...
Blog

Business Email Compromise (BEC) Scams: COVID-19 Related Email Attacks Top Threat to Financial Services

With billions of dollars in stimulus being earmarked for US companies and individuals reeling from the economic fallout of the coronavirus pandemic, business email compromise (BEC) rings are angling for a piece of the pie. At the top of the menu: banks, lenders, and other financial services organizations chartered with managing key facets of this unprecedented distribution effort. But for an...
Blog

COVID-19 Credential Phishing Scams: Feeding Off Coronavirus Fears

Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...
Blog

Phishing and BEC Scams Targeting Remote Workers are on the Rise

Government officials are issuing fresh warnings about COVID-19 related business email compromise (BEC) scams targeting legions of remote workers participating in what has become "the world's largest work-from-home experiment." The troubling rise in success rates for these attacks could have serious implications for the future of email security. In just the last few weeks, cybercriminals...