Blog | Agari

Blog

Blog

Phishing & BEC Scams Soar 3000%: Agari H2 2020 Email Fraud and Identity Deception Trends Report

Coronavirus-related phishing attacks and business email compromise (BEC) scams skyrocketed 3,000% from mid-March through early June, according to mid-year analysis from the Agari Cyber-Intelligence Division (ACID). As chronicled in our H2 2020 Email Fraud & Identity Deception Trends Report, the year began with expectations of record-breaking profits for email threat groups—long before most of us...
Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance (DMARC) controls to impersonate CEOs in business email compromise (BEC) scams worth millions.As detailed in our new threat actor dossier on a group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has identified the...
Blog

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords.As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has...
Blog

Cosmic Lynx: A Russian Threat Hits the BEC Scene

“At some point, Russian and Eastern European cybercriminals are going to start thinking to themselves, ‘Why am I spending all of this time and money setting up infrastructure and hiring malware developers when I can just send someone an email, ask them to send me money, and they’ll do it.’”For more than a year, this is a line we have used over and over again, expecting that some of the world’s...
Blog

Agari Summer '20 Release: CISOs Gain Unique Threat Intel to Their Organizations

With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is.In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations...
Blog

Forrester: Agari Phishing Defense Works a 97% ROI Over Three Years

A new Total Economic Impact (TEI) Study from Forrester finds that Agari Phishing Defense™ (APD) delivered results 36% faster than competing solutions, and results in a 97% ROI in just three years.But it turns out that's just the warm-up act.TEI reports are designed to help organizations accurately evaluate potential IT initiatives. In this instance, we commissioned the study so Forrester analysts...
Blog

Phishing: With Zero-Day Email Attacks Rising, Are Some Companies Giving Up the Fight?

Amid a troubling rise in zero-day phishing attacks, recent research suggests that some companies may be making an ill-advised shift away from blocking advanced email threats to responding to them post-delivery. If true, the capitulation couldn't come at a worse time. Since January, cybercriminals taking advantage of the COVID-19 outbreak have been targeting businesses and individuals with an...
Blog

Preventing Phishing Attacks:  The Dangers of Two-Factor Authentication

Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.
Blog

Business Email Compromise (BEC): W2 Scams Make an Unexpected Comeback in 2020

After barely registering a pulse last year, W2-based business email compromise (BEC) scams are back with a vengeance thanks to coronavirus-related business upheaval. With the 2019 tax filing deadline pushed back to July 15, 2020, and as much as 66% of all corporate employees working from home, operations for many companies have been anything but business as usual. Still we are surprised to see a...
Blog

Scattered Canary Cybercrime Ring Exploits the COVID-19 Pandemic with Fraudulent Unemployment and CARES Act Claims

Recently, news broke about how a sophisticated Nigerian cybercriminal organization has been committing mass unemployment fraud against a number of states, including Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming. Based on information uncovered by the Agari Cyber Intelligence Division, some, if not all, the actors behind these fraudulent schemes are likely...
Blog

Hosted DMARC: Accelerating Protection Against Email-based Brand Jacking Scams

The coronavirus pandemic is shining a spotlight on the importance of hosted Domain-based Message Authentication, Reporting, and Conformance (DMARC) to prevent cybercriminals from hijacking an organization's domains to launch phishing attacks that put the public at risk.A case in point - the World Health Organization (WHO). The UN's international public health agency has been issuing warnings since...
Blog

Business Email Compromise (BEC) Scams: COVID-19 Related Email Attacks Top Threat to Financial Services

With billions of dollars in stimulus being earmarked for US companies and individuals reeling from the economic fallout of the coronavirus pandemic, business email compromise (BEC) rings are angling for a piece of the pie. At the top of the menu: banks, lenders, and other financial services organizations chartered with managing key facets of this unprecedented distribution effort. But for an...
Blog

COVID-19 Credential Phishing Scams: Feeding Off Coronavirus Fears

Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...
Blog

Phishing and BEC Scams Targeting Remote Workers are on the Rise

Government officials are issuing fresh warnings about COVID-19 related business email compromise (BEC) scams targeting legions of remote workers participating in what has become "the world's largest work-from-home experiment." The troubling rise in success rates for these attacks could have serious implications for the future of email security. In just the last few weeks, cybercriminals...
Blog

Romance Scams and Business Email Compromise in the Time of Coronavirus

As cybercrime gangs exploit COVID-19 to target the lonely, victims (and their banks) could get jilted out of millions.Law enforcement agencies around the world are reporting a surge in romance scams as fraudsters seek to cash in on the profound loneliness many people are feeling due to social distancing amid the coronavirus pandemic.Those who fall prey could face financial ruin or get conned into...
Blog

As More Phishing Attacks Evade Detection, Increased Automation and Visibility Are Key

With a growing number of phishing attacks successfully eluding email security controls, losses for businesses and their customers have been mounting fast—and that's before the current tsunami of email scams seeking to exploit the coronavirus pandemic. The good news: Our Spring '20 Release is here to help change that. Since the beginning of March, Agari scored more than 73 million inbound messages...
Blog

BEC Gift Card Scams Move Online During COVID-19 Pandemic

With 60 million corporate employees working remotely due to the Coronavirus outbreak, cybercriminals are switching up their tactics in business email compromise (BEC) scams.In what has been called the "world's largest work-from-home experiment," organizations around the globe are being forced to quickly transition to a remote workforce, ready or not. Cybercriminals have opportunistically adjusted...
Blog

Business Email Compromise (BEC): Security Risks from your 'Out-of-Office' Reply

As if coronavirus hasn't put enough of a damper on vacation schedules this spring, corporate employees taking time off might want to rethink their "out of office" email settings for fear a different threat: Business Email Compromise (BEC) scams.Sure, the temptation to share humorous details about your big spring adventure can be irresistible for a certain species of corporate denizen (especially...
Blog

BEC Scams: Healthcare Providers Reeling from Coronavirus-Themed Email Attacks

Even as a handful of leading cybercriminal organizations declare a moratorium on targeting the healthcare sector in the face of the coronavirus pandemic, countless other crime rings appear to be ramping up—including business email compromise (BEC) scammers. Forget honor among thieves, or even basic self-preservation. Email threat actors the world over are launching an unprecedented number of...
Blog

Business Email Compromise (BEC): Coronavirus a Costly New Strain of Email Attack

Unique BEC Approach May Be a Sign of Things to Come in the Age of COVID-19Amid a sharp rise in coronavirus-related phishing attacks worldwide, the Agari Cyber Intelligence Division (ACID) has identified what may be the first documented use of the pandemic as a lure in an emerging breed of business email compromise (BEC) scams that can fleece businesses out of millions. In January, we published a...