Blog | Agari

Blog

Blog

Financials & Card Data Top Q3 Targets on the Dark Web

In Q3, credit unions nearly overtook national banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs.
Blog

Emails Reported as Malicious Reach Four-Quarter High in Q3

The volume of malicious emails reported in corporate inboxes has reached a four-quarter high, according to the latest data from Fortra's PhishLabs.
Blog

What is Whaling Phishing & How Does it Work?

“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible. Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C...
Blog

How to Run Simulated Phishing Campaigns

Here's how to run a simulated phishing campaign to test and train your employees before they receive an actual phishing email. What is a Phishing Campaign? To be clear, when we say “phishing campaign,” we’re not referring to malicious, black-hat phishing campaigns. A simulated phishing campaign is part of an internal training program to raise employee awareness about real-world phishing attacks...
Blog

Office 365 + DMARC: Best Practices for Protecting Your Company & Customers From Phishing Attacks

In 2021, Gartner includes DMARC, or known by its full name as Domain-based Message Authentication, Reporting & Conformance, in its list of top 10 security projects. With very few exceptions, the best way for organizations to prevent getting impersonated in email attacks is to integrate DMARC into their Office 365-based email ecosystems.To understand why, let’s consider the benefits of deploying...
Blog

SMTPS: Securing SMTP and the Differences Between SSL, TLS, and the Ports They Use

What is the difference between SMTPS and SMTP? SMTPS uses additional SSL or TLS cryptographic protocols for improved security, and the extra "S" stands for SECURE! By default, SMTP to send email lacks encryption and can be used for sending without any protection in place, leaving emails with an SMTP setup susceptible to man-in-the-middle attacks and eavesdropping from bad actors while messages are...
Blog

What Is Email Phishing? How to Protect Your Enterprise

Phishing emails can steal sensitive data and cost companies' reputation. However, protecting a company from these scammers doesn't need to be difficult. What Do Phishing Emails Do? Phishing emails are a social engineering attack used to steal your personal information like passwords or credit card numbers. The victim receives an email appearing to be from a trusted company but which is actually...
Blog

It’s the Most Wonderful Time of the Year… for Cybercriminals

The holiday season is upon us, which means it’s also the busiest time of the year for online shopping. There’s Black Friday, Cyber Monday, and gifts to buy for loved ones. Plus, gifts to buy for yourself when the deals are this good! But beware, for cybercriminals ‘tis also the season to scam millions of dollars from unsuspecting people and companies. They’re banking on people being in a rush and...
Blog

TLS Email Encryption: What It Is & How to Check if Your Email Is Using It

What exactly is TLS when it comes to email encryption? TLS, or cybersecurity protocol Transport Layer Security first developed by the Internet Engineering Task Force (IETF), was designed to establish secure communications that provide both privacy and data security. Originally created from another encryption protocol called Secure Sockets Layer, or SSL, you may hear others use SSL and TLS...
Blog

Powerful New Agari Phishing Defense Integration Comes to Cortex XSOAR

As we expand our integrations with industry leaders, we’re very excited to highlight a new Agari integration with Palo Alto Networks Cortex XSOAR that helps security teams improve email threat visibility and accelerate their ability to respond to phishing attacks.This new integration is welcome news for security teams who are feeling pummeled by a never-ending onslaught of phishing attacks...
Blog

Email Security: Agari Delivers a Whole New Level of Actionable Insight to Outpace Threat Actors

CISOs and their teams are about to get some serious performance enhancers in their high-stakes race against email security threats.According to the FBI, phishing campaigns, business email compromise (BEC) scams, and other advanced email attacks have resulted in $26 billion in business losses over the course of three years. Then 2020 happened.With 75 million corporate employees even now still...
Blog

What is Email Spoofing & How to Stop Attackers from Spoofing Your Email Address

What is email spoofing, how does it work, and why is it so dangerous to your company? We’ll explain everything you need to proactively stop attackers from spoofing your email address. Email Spoofing: What Is It? Email spoofing is when a fraudster forges an email header’s ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or...
Blog

BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches

Business email compromise (BEC) actors are exploring alternative cash-out methods for spiriting away the profits from their crimes.Traditional bank accounts have long been the go-to choice for email scammers seeking to cash out the funds they've pilfered from organizations they victimize. Just since 2016, BEC groups have defrauded businesses out of more than $26 billion worldwide. But over the...
Blog

Office 365 Phishing Emails: Prevention, Detection, Response

Office 365 phishing emails come in common patterns. I'll list them here and also cover Office 365 anti-phishing features for prevention, detection, and response.Today, the typical Office 365 phishing emails direct users to fake Office 365 Sign-in pages. The victim submits their credentials, effectively handing over their password. Fraudsters use that login to access the victim’s address book, then...
Blog

BEC Attacks: What They Are, How to Spot Them, and What to Do

Here we’ll cover what BEC attacks are, how they work, what they usually look like, and how to handle them.What is a BEC Attack? 7 Common BEC Attack Patterns Top Identity Deception Techniques How Can BEC Attacks be Stopped? What's the Best Way to Recover From a BEC Attack?What is a BEC Attack?First, let me explain what a BEC attack is. In short, Business Email Compromise phishing occurs when...
Blog

Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment

With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security.Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce...
Blog

Phishing: How to Protect Against Email Attacks Sent from Compromised SendGrid Accounts

Blocking SendGrid email traffic isn't a realistic option for most businesses hit by a barrage of phishing attacks emanating from compromised accounts at the Twilio-owned email service provider in recent months.Instead, Agari leverages a strategic data modeling approach to neutralize the threat while enabling legitimate SendGrid-distributed emails to safely reach employee inboxes. More on that in a...
Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance (DMARC) controls to impersonate CEOs in business email compromise (BEC) scams worth millions.As detailed in our new threat actor dossier on a group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has identified the...
Blog

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords.As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has...