With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security. Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce...

Blocking SendGrid email traffic isn't a realistic option for most businesses hit by a barrage of phishing attacks emanating from compromised accounts at the Twilio-owned email service provider in recent months. Instead, Agari leverages a strategic data modeling approach to neutralize the threat while enabling legitimate SendGrid-distributed emails to safely reach employee inboxes. More on that in...

For a growing number of email marketers, it may be "BIMI or bust." As of June 30, nearly 5,300 companies have adopted Brand Indicators for Message Identification ( BIMI ), a new email standard for showcasing a brand's logo next to its email messages in recipient inboxes, with built-in protections against phishing-based brand spoofing. The tally reflects a 3.8X increase in the number of brands...

If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand from being impersonated in phishing scams, there are pressing reasons to jump on it now. Without a doubt, these are extraordinary times for individuals and organizations alike as we've been forced to change the way we work, shop, play, and live seemingly overnight, and for far...

With marketers more dependent on digital channels, many may accelerate their tests of Google's AMP for Email technology in search of an edge. But without an email protocol called Domain-based Messaging Authentication, Reporting and Conformance ( DMARC ), fraudsters could weaponize the trust customers expect from your brand for their own evil intentions and put consumers and businesses at risk. The...

In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance ( DMARC ) controls to impersonate CEOs in business email compromise (BEC) scams worth millions. As detailed in our new threat actor dossier on a group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has identified...

A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords. As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has...

With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is. In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations...

A new Total Economic Impact (TEI) Study from Forrester finds that Agari Phishing Defense™ (APD) delivered results 36% faster than competing solutions, and results in a 97% ROI in just three years. But it turns out that's just the warm-up act. TEI reports are designed to help organizations accurately evaluate potential IT initiatives. In this instance, we commissioned the study so Forrester...

Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.

Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...

Hint: DMARC Alone Won't Cut It Think the prospect of cybercriminals using your domains to launch phishing attacks sounds bad for your brand? Just wait until you hear the latest on lookalike domains. Over the last few months, researchers have been discovering a troubling number of phishing sites that feature domains meant to impersonate leading brands in a variety of industries. Sometimes referred...

A growing body of evidence suggests employees throughout the healthcare sector may be uniquely vulnerable to phishing attacks. If finding itself a growing target for cybercriminals weren’t bad enough, the industry is also seeing associated lawsuits piling up. Montana-based Kalispell Regional Healthcare was recently hit with a suit after it disclosed that multiple employees had fallen victim to...

Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to...

Editor's Note: This post originally appeared on the Microsoft Security blog and has been republished here. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance ( DMARC ), your organization is open to the phishing attacks that...

At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent. A good example of a...

Creating a future where all of our customers can trust their inbox can push Agari engineers to the limits of available technologies. In fact, handling the scaling requirements of Cloud Email Protection has led our Sensor team to test some of the most advanced features of the Python programming language. To maintain quality while using these features, our team created some of the first approaches...

Scammers know that impersonating a trusted government agency is an extremely effective way to trick or scare victims into handing over money, personal data, or sensitive information. In many cases, it’s all too easy for cybercriminals to use the agency’s own domains to send authentic-looking phishing emails to constituents and contractors. That’s why the Department of Homeland Security announced...

This post originally appeared on the Armadillo Blog and has been lightly edited for clarity. Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables. As a service provider...

First, An Apology Sorry, demand generation professionals. We still love you and your jobs aren’t going away. But, as you are well aware, the B2B buyer journey has changed—dramatically. Your roles, measurements, data sources, and tool sets have also transformed. All for the better. Meanwhile, building quality pipeline is becoming harder, as is capturing the mindshare of time-starved buyers who are...