Blog

Blog

Romance Scams and Business Email Compromise in the Time of Coronavirus

As cybercrime gangs exploit COVID-19 to target the lonely, victims (and their banks) could get jilted out of millions. Law enforcement agencies around the world are reporting a surge in romance scams as fraudsters seek to cash in on the profound loneliness many people are feeling due to social distancing amid the coronavirus pandemic. Those who fall prey could face financial ruin or get conned...
Blog

As More Phishing Attacks Evade Detection, Increased Automation and Visibility Are Key

With a growing number of phishing attacks successfully eluding email security controls, losses for businesses and their customers have been mounting fast—and that's before the current tsunami of email scams seeking to exploit the coronavirus pandemic. The good news: Our Spring '20 Release is here to help change that. Since the beginning of March, Agari scored more than 73 million inbound messages...
Blog

BEC Gift Card Scams Move Online During COVID-19 Pandemic

With 60 million corporate employees working remotely due to the Coronavirus outbreak, cybercriminals are switching up their tactics in business email compromise (BEC) scams. In what has been called the " world's largest work-from-home experiment ," organizations around the globe are being forced to quickly transition to a remote workforce, ready or not. Cybercriminals have opportunistically...
Blog

Business Email Compromise (BEC): Security Risks from your 'Out-of-Office' Reply

As if coronavirus hasn't put enough of a damper on vacation schedules this spring, corporate employees taking time off might want to rethink their "out of office" email settings for fear a different threat: Business Email Compromise ( BEC ) scams. Sure, the temptation to share humorous details about your big spring adventure can be irresistible for a certain species of corporate denizen...
Blog

BEC Scams: Healthcare Providers Reeling from Coronavirus-Themed Email Attacks

Even as a handful of leading cybercriminal organizations declare a moratorium on targeting the healthcare sector in the face of the coronavirus pandemic, countless other crime rings appear to be ramping up—including business email compromise (BEC) scammers. Forget honor among thieves, or even basic self-preservation. Email threat actors the world over are launching an unprecedented number of...
Blog

Business Email Compromise (BEC): Coronavirus a Costly New Strain of Email Attack

Unique BEC Approach May Be a Sign of Things to Come in the Age of COVID-19 Amid a sharp rise in coronavirus-related phishing attacks worldwide, the Agari Cyber Intelligence Division (ACID) has identified what may be the first documented use of the pandemic as a lure in an emerging breed of business email compromise (BEC) scams that can fleece businesses out of millions. In January, we published a...
Blog

Phishing & Business Email Compromise (BEC): How Law Firms Can Protect Against Email Scams

The legal sector is learning some painful lessons about the growing threat phishing and business email compromise (BEC) scams pose to legal firms' brand reputations—and to their bottom lines. Just ask the five US law offices believed to be hit in recent weeks by email attacks that led to sensitive client information getting posted online in million-dollar extortion schemes fueled by Maze...
Blog

DMARC Report: 85% of Fortune 500 Leave Their Customers Vulnerable to Impersonation Scams

Despite increased adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC), the vast majority of Fortune 500 companies remain at risk of email-based brand impersonation, according to our new Q1 2020 Email Fraud & Identity Deception Trends report. According or the report, global DMARC adoption rates surged 83% in 2019, to more than 11.6 million email domains with...
Blog

BEC & What $1.7 Billion in Losses Means for Email Security

Cybercriminal organizations keep raking in big profits from BEC scams, phishing attacks, and other advanced email threats that continue to prove successful, according to the FBI's new 2019 Internet Crimes Report . Issued this past week, the annual report from the bureau's Crime Complaint Center (IC3) finds US businesses and individuals lost $3.5 billion to cybercriminals in a record 467,361 scams...
Blog

Business Email Compromise (BEC) and G Suite: How the Exaggerated Lion Cybercrime Group Cashes Out

Business email compromise (BEC) has become the predominant cyber threat businesses face today. These basic social engineering scams are having a huge impact, to the tune of more than $700 million every month. To make matters worse, the recently-released Internet Crime Report from the FBI’s Internet Crime Complaint Center shows that BEC isn’t going away any time soon, as losses from BEC attacks...
Blog

Damages from Business Email Compromise (BEC) Top the 2019 FBI IC3 List

Business Email Compromise (BEC) was solely responsible for over 40% of the total cybercrime losses in 2019, at least according to the latest FBI IC3 report . The FBI’s Internet Crime Complaint Center (IC3) has released its latest Internet Crime Report with data on cybercrime impact in 2019. Corporate data breaches, which lead to leaked databases, documents, and bad press coverage for the company...
Blog

Business Email Compromise (BEC) Report: 62% of Scams Target Gift Cards, False Positives Trip Up Phishing Response

Gift cards topped cybercriminal wish lists in 62% of all business email compromise (BEC) scams last quarter, according to our Email Fraud & Identity Deception Trends report . Hardly a shock, given the holiday season. But that doesn't mean there aren't any surprises in the research. The report, published by the Agari Cyber Intelligence Division (ACID), examines the current threat landscape for BEC...
Blog

DMARC and Lookalike Domains: How to Protect Your Customers from Getting Duped

Hint: DMARC Alone Won't Cut It Think the prospect of cybercriminals using your domains to launch phishing attacks sounds bad for your brand? Just wait until you hear the latest on lookalike domains. Over the last few months, researchers have been discovering a troubling number of phishing sites that feature domains meant to impersonate leading brands in a variety of industries. Sometimes referred...
Blog

Phishing, BEC and the Supply Chain: Why Your BEC Attack Surface is Bigger Than You Think

Thanks to the rapid rise of email account takeovers, organizations worldwide are being forced to accept a painful new reality in the battle against phishing and business email compromise (BEC) scams. It's no longer enough to focus on your own attack surface. You need to protect against compromised accounts throughout the supply chain. Commonly referred to as vendor email compromise (VEC), this...
Blog

W2 Scams and Business Email Compromise (BEC): 3 Reasons Advanced Email Threats Are About to Get Worse

With the season for W2 scams upon us, rapidly evolving email threats suggests these and other business email compromise (BEC) attacks targeting corporate financial departments may be about to go from bad to worse. Each January, US-based businesses begin distributing W2 forms to employees, documenting earnings, tax withholding, Social Security numbers, and other sensitive information that must be...
Blog

Email Security Gaps Put Transportation Companies and Public Safety at Risk

Don't be surprised if heightened tensions with Iran, China and Russia push email security to the top of every CISO's agenda this year—including those in the transportation industry. It's well known that the threat posed by phishing in the transportation sector has surged over the last year. But now, an email attack leading to the theft of radioactive materials from a cargo ship, a serious train...
Blog

Phishing Attacks: Top 3 Reasons Healthcare Employees Are Prime Targets

A growing body of evidence suggests employees throughout the healthcare sector may be uniquely vulnerable to phishing attacks. If finding itself a growing target for cybercriminals weren’t bad enough, the industry is also seeing associated lawsuits piling up. Montana-based Kalispell Regional Healthcare was recently hit with a suit after it disclosed that multiple employees had fallen victim to...
Blog

Ancient Tortoise: A Deeper Look at the Aging Report BEC Attack Chain

Back in July, we wrote about an emerging trend we have observed that involves attackers requesting aging reports from Business Email Compromise (BEC) targets. As we discussed in that post , aging reports are used by finance teams to track unpaid customer invoices. These reports are integral in the accounts receivable realm to maintain visibility into a supplier’s payment collection process. Aging...
Blog

BEC Scams: Expert-Validated Intelligence Feed Defends Against Business Email Compromise

As 2020 gets underway, business email compromise (BEC) scams and phishing attacks are expected to get a whole lot worse. But today, a new form of expert-curated BEC intel promises to help organizations stay ahead of emerging attacks like never before possible. Businesses can use all the help they can get. With more than $8.6 billion lost to BEC and variants such as vendor email compromise (VEC) in...
Blog

DMARC for Transportation: How to Stop Email-based Brand Impersonation Attacks

Can an email authentication protocol known as DMARC protect freight and package carriers from brand impersonation attacks targeting their customers? Stop me if this sounds familiar: Your customers are scrolling through email and come across a message from your company asking for details to straighten out a delivery snafu. They follow the link, update their info, and move on to their next task. But...