Datasheet
Account Takeover Attack Prevention
Organizations are more likely to be breached today than ever before, as cybercriminals shift tactics once again, using account takeovers (ATOs) to launch targeted email attacks. In fact, a recent Osterman Research survey reported that one in five organizations fell victim to an ATO-based email attack within the past 12 months. Attackers know that trusted email is the most effective way of...
Blog
SMTPS: Securing SMTP and the Differences Between SSL, TLS, and the Ports They Use
Thu, 05/26/2022
What is the difference between SMTPS and SMTP?
SMTPS uses additional SSL or TLS cryptographic protocols for improved security, and the extra "S" stands for SECURE!
By default, SMTP to send email lacks encryption and can be used for sending without any protection in place, leaving emails with an SMTP setup susceptible to man-in-the-middle attacks...
Blog
Six Steps to Email Security Best Practice
Thu, 01/13/2022
To help IT teams define a robust email security policy and determine what’s required from an email security solution, we’ve put together a new six-step guide.
Blog
What Is Email Phishing? Protect Your Enterprise
Wed, 12/08/2021
Phishing emails can steal sensitive data and cost companies' their reputation. However, protecting a company from these scammers doesn't need to be difficult.
What Is Email Phishing?
Phishing is when an attacker mimics a trusted person or brand in an attempt to steal sensitive information, or gain a foothold inside a company network. While phishing emails are by far the most popular, these...
Blog
It’s the Most Wonderful Time of the Year… for Cybercriminals
Mon, 11/29/2021
The holiday season is upon us, which means it’s also the busiest time of the year for online shopping. There’s Black Friday, Cyber Monday, and gifts to buy for loved ones. Plus, gifts to buy for yourself when the deals are this good! But beware, for cybercriminals ‘tis also the season to scam millions of dollars from unsuspecting people and companies. They’re banking on people being in a rush and...
Blog
Spear Phishing Emails: What They Are & How to Prevent Them
Fri, 11/05/2021
Spear phishing is more focused than normal phishing. To protect against this type of phishing, your entire company will need to be educated and protected.
What is a typical spear phishing attempt?
A typical spear phishing attempt is a fraudulent personalized email that is usually sent with an attachment or requests a response. The fraudster then tries to entice the recipient to open the infected...
Blog
TLS Email Encryption: What It Is & How to Check if Your Email Is Using It
Mon, 06/21/2021
What exactly is TLS when it comes to email encryption?
TLS, or cybersecurity protocol Transport Layer Security first developed by the Internet Engineering Task Force (IETF), was designed to establish secure communications that provide both privacy and data security. Originally created from another encryption protocol called Secure Sockets Layer, or...
Blog
Email Security: Agari Delivers a Whole New Level of Actionable Insight to Outpace Threat Actors
Sun, 01/24/2021
CISOs and their teams are about to get some serious performance enhancers in their high-stakes race against email security threats.
According to the FBI, phishing campaigns, business email compromise (BEC) scams, and other advanced email attacks have resulted in $26 billion in business losses over the course of three years. Then 2020 happened.
With 75 million corporate employees even now still...
Blog
What is Email Spoofing & How to Stop Attackers from Spoofing Your Email Address
Tue, 12/15/2020
What is email spoofing, how does it work, and why is it so dangerous to your company? We’ll explain everything you need to proactively stop attackers from spoofing your email address.
Email Spoofing: What Is It?
Email spoofing is when a fraudster forges an email header’s ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or...
Blog
BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches
Tue, 12/01/2020
Business email compromise (BEC) actors are exploring alternative cash-out methods for spiriting away the profits from their crimes.
Traditional bank accounts have long been the go-to choice for email scammers seeking to cash out the funds they've pilfered from organizations they victimize. Just since 2016, BEC groups have defrauded businesses out of more than $26 billion worldwide. But over the...
Blog
Office 365 Phishing Emails: Prevention, Detection, Response
Tue, 11/24/2020
Office 365 phishing emails come in common patterns. I'll list them here and also cover Office 365 anti-phishing features for prevention, detection, and response.
Today, the typical Office 365 phishing emails direct users to fake Office 365 Sign-in pages. The victim submits their credentials, effectively handing over their password. Fraudsters use that login to access the victim’s address book,...
Blog
BEC Attacks: What They Are, How to Spot Them, and What to Do
Tue, 11/10/2020
Here we’ll cover what BEC attacks are, how they work, what they usually look like, and how to handle them.
What is a BEC Attack?
7 Common BEC Attack Patterns
Top Identity Deception Techniques
How Can BEC Attacks be Stopped?
What's the Best Way to Recover From a BEC Attack?
What is a BEC Attack?
First, let me explain what a BEC attack is. In short, Business Email Compromise phishing...
Blog
Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment
Tue, 09/29/2020
With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security.
Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce,...
Blog
Phishing: How to Protect Against Email Attacks Sent from Compromised SendGrid Accounts
Mon, 09/28/2020
Blocking SendGrid email traffic isn't a realistic option for most businesses hit by a barrage of phishing attacks emanating from compromised accounts at the Twilio-owned email service provider in recent months.
Instead, Agari leverages a strategic data modeling approach to neutralize the threat while enabling legitimate SendGrid-distributed emails to safely reach employee inboxes. More on that in...
Blog
DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You
Thu, 07/23/2020
In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance (DMARC) controls to impersonate CEOs in business email compromise (BEC) scams worth millions.As detailed in our new threat actor dossier on a group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has identified the...
Blog
Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice
Fri, 07/17/2020
A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords.
As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID) has...
Blog
Preventing Phishing Attacks: The Dangers of Two-Factor Authentication
Mon, 06/08/2020
Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.
Blog
COVID-19 Credential Phishing Scams: Feeding Off Coronavirus Fears
Tue, 04/28/2020
Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...
Blog
The Threat Taxonomy: A Working Framework to Describe Cyber Attacks
Tue, 10/22/2019
Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to...