With Valentine’s Day celebrated around the world, today is a day full of love and joy—especially for those in committed relationships. People around the globe are celebrating their relationships by sending flowers and chocolates, enjoying fancy dinners, and writing love notes in greeting cards. Unfortunately, not all relationships are legitimate, and not everyone sees today as a celebration of...

If US-based companies don't start automating phishing incident response processes within their SOCs, they could be SOL, according to new data captured in our Q1 2019 Email Fraud & Identity Deception Trends Report . That's because while businesses strive to implement security controls to prevent phishing attacks and any subsequent data breaches, the Security Operations Centers they rely on to...

Within the Agari Cyber Intelligence Division (ACID) , we regularly engage with BEC threat actors using active defense techniques . Recently, during one of our investigations into a group comprised of these threat actors, we observed several scammers taking advantage of a “feature” that Google has built into Gmail addresses. While Google sees this as an advantage of consumers, cybercriminals are...

First, An Apology Sorry, demand generation professionals. We still love you and your jobs aren’t going away. But, as you are well aware, the B2B buyer journey has changed—dramatically. Your roles, measurements, data sources, and tool sets have also transformed. All for the better. Meanwhile, building quality pipeline is becoming harder, as is capturing the mindshare of time-starved buyers who are...

A federal sting operation dubbed "Operation Gold Phish" has led to the arrest of nine people accused of bilking at least 18 victims out of $2 million through socially-engineered romance scams over the last two years. As first reported on December 19, the defendants are accused of manipulating victims into becoming unwitting money mules in an alleged wire fraud operation. According to the Chicago...

Memo to hospitals and healthcare providers: A growing number of phishing scams are targeting consumers—including your customers and patients—through email messages that appear to come from your brand. As these attacks continue to rise in coming months, they could cost consumers—and your brand—plenty. Without a doubt, the spear phishing and business email compromise schemes that target your...

Business email compromise (BEC) fraud is a lucrative venture, and now that industry is expanding in a troubling way—by lowering the barrier to entry so that anyone with a couple hundred bucks can outsource a BEC attack. BEC criminals are organized, behaving in many ways like legitimate businesses . And just like any successful company in a growing industry, these criminals are looking to add...

Mergers and acquisitions can build your company's value overnight, but business email compromise (BEC) and data breaches can tear it down just as quickly. Too often, M&A announcements are followed by waves of BEC attacks against the companies involved, or by news that the target company was the victim of a data breach. To get the most value from a merger or acquisition, you need to know how to...

Human resources departments are the epitome of task ownership, carefully and efficiently connecting an organization’s needs with that of its employees. Employees in HR are tasked with recruitment, onboarding, and employee relations, and oftentimes handle payroll and benefits. Because of their wide reach, threat actors are now turning their attention to this organizational pipeline as they continue...

As the healthcare industry closes the books on 2018, it is still reeling from more than 327 major data breaches that exposed personal health information (PHI) on at least 9.8 million US citizens this past year. Sixty percent of the attacks reported to federal authorities involved phishing or other email attacks , impacting up to 5.88 million individuals. And the costs can be steep. According to...

More than $9 billion in direct losses from advanced email threats. $1 billion in ransomware payments. Six million personal identity records stolen every 24 hours—at an average cost of $7.9 million per breach. If you think the crushing losses stemming from an endless barrage of spear-phishing schemes, business email compromise (BEC) scams, and other advanced email attacks were bad in 2018, just...

Osterman Research has released a new industry report warning that many organizations will likely need to augment their Microsoft Office 365 implementations with best-in-class, third-party solutions—especially when it comes to advanced email threat protection. That's not an indictment of Microsoft, mind you. In fact, Osterman researchers point out that O365 is quickly proving to be a capable and...

A breach itself is bad enough, but the time it takes an organization to discover and contain that breach is where the majority of costs are incurred. Just ask Marriott. Or Equifax. Or Under Armour. When a phishing attack occurs, it takes an average of 197 days before it's discovered —and an additional 69 days to contain it. In many cases, such as the recently discovered breach at Marriott, it can...

Our recent report on London Blue, the cybercrime network that has amassed a list of 50,000 finance executives targeted for upcoming business email compromise (BEC) scams was alarming. But what makes it worse is that London Blue is not the only group of sophisticated cybercriminals out there. Phishing and other email attacks have jumped 50% in the last three months. The FBI is warning accounting...

Marriott Hotels, Dunkin Donuts, even the House GOP. During the final quarter of 2018, a host of high-profile data breaches and cyberattacks have made major headlines. Some stemmed from business email compromise (BEC) scams, spear phishing campaigns, or other advanced email threats. Others are expected to help fuel such attacks in the future. A few might see somebody fight back through innovative...

By the end of this year, 77% of all enterprises will have moved at least some of their operations into the cloud—including email. At the same time, we're seeing that fraudsters have been doing some modernizing of their own. Tactics that were once the domain of nation states are now being adopted by increasingly networked cybercrime organizations. Exploiting the same targeting and lead generation...

California has witnessed its most deadly and destructive wildfire on record during the month of November. As the Camp Fire blazes on, more than 70 people have died, hundreds are still missing, and in some cases, entire towns have been reduced to little more than ashes. What’s more is that impending rain threatens to bring mudslides and further destruction to an already ravaged area. Despite the...

Editor's Note: This article is Part 2 in a three-part series based on findings from the Q4 2018 Email Fraud & Identity Deception Trends report. Click here to read Part 1 . First there's the good news: 51% percent of Fortune 500 companies have adopted DMARC, the open email-authentication standard designed to prevent fraudsters from impersonating brands in email scams, according to the Email Fraud &...

Want to get a sense of the carnage being caused by business email compromise (BEC) attacks? Look no further than an October 16 report from the Securities and Exchange Commission on an investigation into nine publicly-traded companies that were swindled out of $100 million through BEC scams . It isn't pretty. According to the report, one of these companies made 14 separate wire payments for fake...

Phishing, Business Email Compromise (BEC) , and other email attacks still involve display name deception—with Microsoft, and Amazon are still impersonated in many of these identity deception attacks. (Part 1 of 3) Display name deception techniques are now used in a majority of business email compromise (BEC) scams and other advanced email attacks targeting a growing number of companies, according...