Blog | Agari

Blog

Blog

Advanced Strategies for Testing Async Code in Python

Creating a future where all of our customers can trust their inbox can push Agari engineers to the limits of available technologies. In fact, handling the scaling requirements of Agari Phishing Defense has led our Sensor team to test some of the most advanced features of the Python programming language. To maintain quality while using these features, our team created some of the first approaches...
Blog

New Location, New Dates, Same Great Experience: Announcing Trust 2020

Despite best efforts over the past decade, email security is broken. Human defenses cannot protect us from nefarious attacks, and cybercriminals continue to exploit human trust to run sophisticated attacks at scale. This is the reality of our current environment. Unfortunately, email will continue to be the attack surface of choice until the economic equation is reversed for the crime rings behind...
Blog

Expanding Email Security One Post at a Time — Experiences of a Digital Marketing Intern

Agari is more than an email security company that detects cyberattacks. It is a community that supports career growth. Working at Agari over the summer course, I had the opportunity to participate in marketing projects and develop new skill sets that will enable me to be more successful both at school and post-graduation.The Task At Hand As a digital marketing intern, I became familiar with...
Blog

Social Engineering: The Weapon of Choice for Email Scammers

The recent Internet Crime Report from the FBI showcasing the growth of business email compromise (BEC) from a $700 million problem to a $1.3 billion problem over the course of only one year was certainly alarming. It showcases just how much cybercrime is growing, despite increased defenses across organizations worldwide. But one key element stands out for me—the fact that none of these attacks...
Blog

Brand Impersonation and Look-alike Domains: How Cybercriminals are Hurting Tech Brands

Here’s some earned media you don’t want for your brand—headlines announcing that your customers are victims of a “nasty phishing scam” or that your “accounts are under attack.” Verizon and Microsoft have had to manage those headlines in recent months. And other tech companies are vulnerable to the same kind of brand damage right now. That’s because organized cybercriminals are going all-in on...
Blog

Building a Career at Agari: One Designer’s Experience

Being a user experience (UX) designer and managing design teams is a rewarding job. I should know since I’ve been a UX designer and manager for the last twenty years. During that time I’ve had several opportunities where I progressed from being the only designer in a company to growing and managing a design team. Agari is the most recent, and my favorite, example of that pattern. My Agari Journey...
Blog

The “I’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a BEC attack.We released a report on a business email compromise (BEC) cybercriminal group named London Blue in December 2018. The report dove into the organizational structure of West African criminal groups and described how...
Blog

DMARC Quarantine vs. DMARC Reject: Which Should You Implement?

You did it! You implemented DMARC and authenticated your email domains. This is no easy feat in itself and now, after DNS requests, third-party conference calls, and writing internal policies, you are ready... It’s time for a stricter DMARC policy.If your DMARC policy has been set to p=none for months, you've likely had the chance to review who is sending email under your brand name and determine...
Blog

How to Stop Phishing and BEC Attacks from Compromised Email Accounts

As email scammers become more sophisticated and cybercriminals expand their tactics, phishing and BEC attacks from compromised email accounts continue to rise in popularity. We’ve seen a 35% increase in attacks launched from compromised accounts in the last six months. This means that email account takeover-based threats are more prevalent than ever before. And since this is the hardest attack...
Blog

Internal Intruders: Stopping Insider Threats Requires Smarter Tech and Better Training

Security incidents hit 81% of organizations over the past twelve months, and internal threats pose a serious challenge for security teams, according to a new report from Osterman Research. The latest research says that the most common incidents are advanced threats—including spear phishing, social engineering, and account takeover-based attacks. The report also says that too many organizations “do...
Blog

Email @ttack: Why Identity Deception is Your #1 Threat

Want to know how email became the number one attack vector for cybercriminals? Look no further than this phishing test at a major financial services firm in which more than one executive clicked through to a fraudulent link. Making matters worse, the email read: "This is a phishing test. Clicking the link below will cause harm to your computer." Don't laugh. In a 2017 employee survey, 46% of...
Blog

2020 Presidential Candidates Remain Vulnerable to Email Fraud Despite Increased Warnings

Only three months ago, the Agari team published our first in-depth analysis on how the top candidates for the US presidency compared when it comes to email security. The kinds of email attacks that helped derail Hillary Clinton’s candidacy in 2016 are only getting more sophisticated, and new data released today shows that campaigns are not taking the threat as seriously as they should. The Q3 2019...
Blog

Using ML to Stop Latent Email Attacks That Dodge Early Detection

When implemented effectively, real-world deployments of machine learning (ML)-based email security can block business email compromise (BEC) scams, phishing campaigns, and other advanced email threats. But sometimes, it's what happens when a malicious email is somehow able to evade early detection that can matter most to that effort. According to recent research, 22.9 phishing attacks are launched...
Blog

BIMI Moves Forward as Google Commits to Pilot Program

BIMI is going big time like never before—and brands won't want to get left behind. In a major announcement this week, Internet search giant Google revealed it has joined the AuthIndicators Working Group and committed to a pilot program for BIMI. For those unfamiliar with the term, Brand Indicators for Message Identification (BIMI) is a standardized way for inboxes to display brand logos beside...
Blog

Weaponizing Accounts Receivable

Receipts and invoices—two accounting powerhouses that require little introduction. But step a little further into the world of finance and accounts, and you can quickly become a fish out of water, as the terminology to this numerical land seems to multiply exponentially.That said, in some of our recent active defense engagements with BEC cybercriminals, we have observed a new way scammers are...
Blog

Businesses Grow More Vulnerable to Email Attacks, Even with Improved Defenses

Cybercriminals increasingly use new forms of identity deception to launch an email attack to target your weakest link: humans.Call it a case of locking the back window while leaving the front door wide open. Throughout the last year, a number of reports have surfaced about sophisticated cyberattacks that are proving all too successful at circumventing the elaborate defenses erected against them...
Blog

Restoring Trust to Digital Communications: How Smart Communities Model the Good

Legacy email security systems are failing, as more enterprises migrate their emails to the cloud and cyber-attacks become more professional and difficult to detect. Companies in all industries and government agencies simply are not moving fast enough to counter the increasingly sophisticated threats like business email compromise (BEC) and account takeover attacks. The first part of this two-part...
Blog

‘Til Death Do Us Part… Romance Scams and the BEC Game

When we think of business email compromise (BEC), the first thing that comes to mind is likely an executive spoof—an email sent to an employee from someone pretending to be the CEO or other high-profile executive. One of the things that people don’t traditionally think about is love, or more specifically, the role that romance victims play in the BEC game. Behind the Scenes with a Romance Scam...
Blog

BEC: Just Defend Against Business Email Compromise or Strike Back?

With losses from business email compromise rising fast, the active defense movement is generating buzz—but what are the ramifications? Why just raise the shield without wielding the sword, too? Organizations in the United States shouldered over one billion in losses from BEC in the last year alone, so the notion of using active defense measures that strike back at fraudsters seems to be gaining...
Blog

How to Win the Competition for Top Talent—And Keep Your New Hires on Board

What is the biggest obstacle right now to recruiting and retaining great talent? Simply put, there is not enough supply to meet demand—and there may not be any time soon. The most recent jobs data put the national unemployment rate at 3.6%, the lowest it’s been in half a century. Across the country, there are more open jobs than people without work. That means employers in industries from tech to...