In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance (DMARC) controls to impersonate CEOs in business email compromise (BEC) scams worth millions.As detailed in our new threat actor dossier on a group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has identified the...

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords. As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has...

With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is. In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations....

Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...

A growing body of evidence suggests employees throughout the healthcare sector may be uniquely vulnerable to phishing attacks. If finding itself a growing target for cybercriminals weren’t bad enough, the industry is also seeing associated lawsuits piling up. Montana-based Kalispell Regional Healthcare was recently hit with a suit after it disclosed that multiple employees had fallen victim to...

Editor's Note: This post originally appeared on the Microsoft Security blog and has been republished here.  You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance (DMARC), your organization is open to the phishing attacks that...