A breach itself is bad enough, but the time it takes an organization to discover and contain that breach is where the majority of costs are incurred. Just ask Marriott. Or Equifax. Or Under Armour. When a phishing attack occurs, it takes an average of 197 days before it's discovered —and an additional 69 days to contain it. In many cases, such as the recently discovered breach at Marriott, it can...

Our recent report on London Blue, the cybercrime network that has amassed a list of 50,000 finance executives targeted for upcoming business email compromise (BEC) scams was alarming. But what makes it worse is that London Blue is not the only group of sophisticated cybercriminals out there. Phishing and other email attacks have jumped 50% in the last three months. The FBI is warning accounting...

Marriott Hotels, Dunkin Donuts, even the House GOP. During the final quarter of 2018, a host of high-profile data breaches and cyberattacks have made major headlines. Some stemmed from business email compromise (BEC) scams, spear phishing campaigns, or other advanced email threats. Others are expected to help fuel such attacks in the future. A few might see somebody fight back through innovative...

By the end of this year, 77% of all enterprises will have moved at least some of their operations into the cloud—including email. At the same time, we're seeing that fraudsters have been doing some modernizing of their own. Tactics that were once the domain of nation states are now being adopted by increasingly networked cybercrime organizations. Exploiting the same targeting and lead generation...

California has witnessed its most deadly and destructive wildfire on record during the month of November. As the Camp Fire blazes on, more than 70 people have died, hundreds are still missing, and in some cases, entire towns have been reduced to little more than ashes. What’s more is that impending rain threatens to bring mudslides and further destruction to an already ravaged area. Despite the...

Editor's Note: This article is Part 2 in a three-part series based on findings from the Q4 2018 Email Fraud & Identity Deception Trends report. Click here to read Part 1 . First there's the good news: 51% percent of Fortune 500 companies have adopted DMARC, the open email-authentication standard designed to prevent fraudsters from impersonating brands in email scams, according to the Email Fraud &...

Want to get a sense of the carnage being caused by business email compromise (BEC) attacks? Look no further than an October 16 report from the Securities and Exchange Commission on an investigation into nine publicly-traded companies that were swindled out of $100 million through BEC scams . It isn't pretty. According to the report, one of these companies made 14 separate wire payments for fake...

Phishing, Business Email Compromise (BEC) , and other email attacks still involve display name deception—with Microsoft, and Amazon are still impersonated in many of these identity deception attacks. (Part 1 of 3) Display name deception techniques are now used in a majority of business email compromise (BEC) scams and other advanced email attacks targeting a growing number of companies, according...

Over the past 6 months, 100% of Agari customer brands and more than 80% of their domains have been the target of consumer phishing or B2B phishing attacks impersonating their brand to commit fraud. While the cost of phishing attacks isn't always visible, there are very real costs to businesses in the form of email deliverability, brand value and fraud costs. The root cause of this problem is that...

Account takeover-based email scams are climbing fast as the barriers to entry crumble for cybercriminals. But is advanced, AI-driven email protection really the solution? Consider yourself warned: Account takeover (ATO)-based email attacks have surged 126% in just the last year, and now represent the single most successful attack vector against businesses. According to a study from Agari and...

Responding to BOD 18-01, agencies rally to complete the fastest sector-wide adoption of DMARC One year ago, the Department of Homeland Security announced its Binding Operational Directive 18-01 , a mandate for all federal executive branch domains to implement stronger security standards. Specifically, BOD 18-01 required the adoption of HTTPS and DMARC, an email authentication standard that...

Today is the deadline set by the Department of Homeland Security for all executive branch agencies to fully adopt Domain-based Message Authentication, Reporting and Conformance (DMARC) , the email authentication protocol needed to prevent phishing attacks that hijack or mimic their domains. In the past 24 hours, Agari has analyzed federal DMARC adoption on the eve of BOD 18-01 and the results are...

New forms of phishing attacks and other advanced email threats can cost your clients—and your brand—more than you may realize. You could call her a dream client: well-heeled, well-connected, and surely worth a fortune in potential referrals. But when a pair of business email compromise (BEC) attacks against an accountant at her wealth management firm led to $350,000 in losses, the relationship...

NYDFS, HIPAA, GDPR? As Cyber-defenses are Hardened to Comply with an Alphabet Soup of Regulatory Mandates, Organizations are Growing More Vulnerable to Cyberattack—Not Less Name the industry, and it's safe to say that regulatory governance efforts have IT and security teams racing to erect new cyber-defenses to address a rising tide of domestic and international mandates. But if that isn't painful...

Business Email Compromise (BEC) is on the rise, and Office 365 users are among the most heavily targeted. With new LinkedIn-integration features potentially upping the stakes, here's what you need to know now. It's official: Office 365 users will soon be able to co-edit documents from within LinkedIn. But who wins more—businesses and their employees? Or the email fraudsters who increasingly launch...

The email channel has always been the linchpin of your digital marketing operations. But a failure to use something called DMARC could obliterate your deliverability rates, your revenues—even your brand. It's no secret to digital-savvy CMOs that old-school email is a cutting-edge marketing team's killer app. But what you don't know is something called "Domain-based Message Authentication...

A growing number of attacks on businesses and their customers are evading email security systems. Can automation really make the difference? If you’re reading this blog post, chances are your current email security controls are leaving something to be desired. With the sheer volume of email rising fast and cybercriminals continuing to prioritize email over all other threat vectors combined, is...