Blog | Agari

Blog

Blog

Beyond DMARC: What It Really Takes to Ensure Email Security

As important as Domain-based Message Authentication, Reporting & Conformance (DMARC) is to the fight against Business Email Compromise (BEC) and other advanced email threats, it's really just the first piece of the email security puzzle. And it certainly won't cut it alone.Don't get me wrong. We've talked a lot about just how vital DMARC is to stopping email-based impersonation attacks. When...
Blog

Phishing Attacks: Why Energy Companies and Utilities Are Getting Zapped

The Wall Street Journal's report that a dozen US-based utilities were targets in a recent wave of coordinated phishing attacks should set off alarm bells throughout the sector and beyond. Energy producers and utilities don't just keep the lights on. They play a unique role in a country's critical infrastructure, encompassing economic health, public safety, and national security—making them...
Blog

Business Email Compromise (BEC): Putting $26 Billion in Known Losses into Context

Over the last four years, the information security community has learned a lot about business email compromise (BEC) and the inner workings of Nigerian cybercrime rings who have made it their mainstay. We know BEC fraud has been reported in all 50 states and in 177 countries worldwide. We know that since June 2016, over $26 billion has been lost as a result of BEC. But we also know that even at...
Blog

BEC Attacks on the Rise in Europe: 2019 Email Threat Survey

Business email compromise (BEC) scams, phishing campaigns, and other targeted email attacks happen all over the world, but they don’t take the same form in every region. To better understand the threat landscape for organisations in Europe, the Agari Cyber Intelligence Division (ACID) surveyed 305 senior European IT security professionals from a range of industries attending Infosecurity Europe...
Blog

Microsoft Office 365 + Secure Email Cloud: All You Need in a Cloud-First World

You’ve heard the statistics…more than 70% of all business users will be provisioned with cloud office applications in the next two years, including email. It’s an overdue modernization that eliminates physical infrastructure to drive cost savings and integrate services for improved productivityChasing this move, cybercriminals intent on account takeover are evolving their tactics, targeting end...
Blog

Executives Beware! Individual Impersonation Now Comprises Nearly a Quarter of All BEC Scams

If you’ve ever received a fake email from one of your “executives” asking for a quick request, you’re not alone. In fact, new research from the Agari Cyber Intelligence Division shows that individual impersonation attempts now comprise nearly a quarter of all BEC attacks. This is an increase from the last quarter, when this type of scam made up only 12% of all attacks. Gift Cards Remain On Top...
Blog

2020 Election Survey: 60% of Voters May Reject Candidates Who Fall Victim to Phishing

With the 2020 US presidential election only 12 months away, a new survey of registered voters suggests email security against phishing attacks could be a make-or-break issue for candidates—and for our democracy. The online survey of 803 registered voters in the United States was conducted from October 10-16 by our internal research team, the Agari Cyber Intelligence Division (ACID). Its goal was...
Blog

Call for Speakers: Showcase Your Email Security Expertise at Trust 2020

Time is running out to join industry thought leaders as a featured speaker at Trust 2020, The Next Generation Email Security Conference, on April 15-17 in Los Angeles. The deadline to submit topics for consideration is October 31, 2019. Trust 2020 is an exclusive, two-day customer event where senior security leaders from a wide range of industries converge to share thought-provoking ideas and...
Blog

The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to...
Blog

Celebrating 10 Years as the First Agarian

As Agari celebrates our 10th anniversary, I've had the opportunity to reflect on the last decade as an Agarian and how my life has changed as a result of my work with this company. It has been an undeniably exciting ten years, but also one full of challenges as we solve some of the hardest problems in email security. Fulfilling Our Mission I joined Agari when it was called Authentication Metrics...
Blog

Battling the Bad Guys for 10 Years

When we first flipped on the lights in 2009, we knew we were embarking on an endeavor that wouldn’t be achieved overnight. We wanted to be deliberate, to build a rock-solid foundation—not a quick fix—that would support an email security ecosystem. We anticipated the hefty innovation and investment needed. But we also knew that investment would ultimately yield a durable solution that would change...
Blog

The Intelligent Inbox: Email Security of Tomorrow, Today

If you want to know why business email compromise (BEC) and other advanced email attacks keep working so well, just ask Dilbert. In one particularly biting installment of Scott Adams' popular workplace comic strip, our tech geek hero sits in his cubicle perusing an email that reads, "Enter your bank account number." Dilbert's thought bubble reads "Scam." Quick cut to engineer Alice. Same email...
Blog

Expect Increased SOC Costs from Jump in Employee-Reported Phishing Incidents

Awareness. Detection. Containment. Remediation. All necessary steps in the phishing incident response process for SOC analysts. Unfortunately, each of these steps takes time, and that time comes at a cost. According to the new Q3 2019 Email Fraud and Identity Deception Trends report form the Agari Cyber Intelligence Division (ACID), employees now report an average 33,108 phishing incidents to...
Blog

V is for Vendor: The Emergence of Vendor Email Compromise

Business email compromise (BEC) has grown into a billion dollar industry as cybercriminals use look-alike domains and display name deception to trick employees into revealing sensitive information, depositing money into criminally-owned bank accounts, and sending thousands of dollars in gift cards via email—all without ever touching a legitimate email account. When these criminals do gain access...
Blog

How to Prevent Phishing Attacks that Target Your Customers with DMARC and Office 365

Editor's Note: This post originally appeared on the Microsoft Security blog and has been republished here. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance (DMARC), your organization is open to the phishing attacks that...
Blog

How to Stop Phishing Message Voicemail Attacks

At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent.A good example of a...
Blog

Whitelisting Won't Protect You From BEC… Here’s Why

The 250% increase in business email compromise (BEC) scams over the past year should concern every organization, as should estimates of $26 billion in losses over the last five years from these attacks. While some organizations consider whitelisting their email lists to provide protection, occasionally encouraged by their email security provider, this strategy simply will not work with the ever...
Blog

9:00 AM on a Tuesday: The BEC Sweet Spot

Business email compromise (BEC) scams continue to grow at an unprecedented rate, with more sent by cybercriminals every single day. While they often differ in approach, recent research from the Agari Cyber Intelligence Division (ACID) shows that these text-based phishing attacks possess some commonalities that make them easier to spot. BEC was a $1.3 billion dollar problem in 2018, and if past...
Blog

Ensuring DMARC Compliance for Third-Party Senders

Marketo. Salesforce. Eloqua. Bamboo HR. Zendesk. It only takes a minute to realize how much organizations love third-party senders. They are typically responsible for sending our important customer notifications, marketing promotions, prospecting emails, and even employee information.Because their mail is so important to your business, we should do what we can to help them become DMARC compliant...
Blog

Rolling Into Raleigh: Agari Expands RTP Presence to Accommodate Growth

When I joined Agari five years ago, I worked out of my home office in Raleigh, where all I needed was a good internet connection and access to a well-connected airport like RDU. At the time, there were only two employees in the area and thus, there was little need for an Agari office outside of headquarters in Silicon Valley. But with a mission as ambitious as ours—to protect digital...