Resources

Blog

The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC

Thu, 07/20/2023

Because email remains the most ubiquitous form of business communication, it continues to be a favorite attack vector for cybercriminals. Email has always been vulnerable because it was not originally designed with security or privacy in mind. As a result, email security vendors emerged to protect this critical communication channel. In the early days, many vendors used...

Guide

Machine Learning Models in Cloud Email Protection

Traditional email security products struggle to detect email impersonation threats such as Business Email Compromise (BEC) and spear phishing campaigns. These threats consistently bypass defenses that rely on signatures and policies like Secure Email Gateways and native-cloud email filters. This guide breaks down how Fortra uses advanced data science, including machine learning models, to find and mitigate attacks that slip past traditional email defenses.

Advanced Persistent Threats (APT)

Business Email Compromise

Social Engineering

Advanced Threat Protection

Anti-Phishing

Cloud Email Security

On-Demand Webinar

DMARC Revisited: Email Authentication in 2024

Implementing DMARC is one of the simplest ways to prevent email spoofing and ensure consistent email deliverability. Agari DMARC Protection will lead you through a safe and efficient DMARC implementation with features that allow you to: Catalogue and authenticate all legitimate senders–both 3rd-party and internal Navigate past common authentication pitfalls Comply with...

Advanced Persistent Threats (APT)

Business Email Compromise

Spear Phishing

Advanced Threat Protection

Anti-Phishing

Cloud Email Security

On-Demand Webinar

QR Codes That Aren't Cool Webinar

Threat adversaries have pivoted their credential phishing and BEC tactics in order to bypass security stacks. In this video, Fortra’s Advanced Email Security expert, Dr. Steve Jeffery, discusses how the QR code has become the carrier of choice for delivering payloads via email and what your organization needs to put in place to stop them. You’ll learn: How human and...

Advanced Persistent Threats (APT)

Business Email Compromise

Spear Phishing

Advanced Threat Protection

Anti-Phishing

Cloud Email Security

Blog

Financials & Card Data Top Q3 Targets on the Dark Web

Mon, 12/05/2022

In Q3, credit unions nearly overtook national banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs.

Blog

Emails Reported as Malicious Reach Four-Quarter High in Q3

Wed, 11/23/2022

The volume of malicious emails reported in corporate inboxes has reached a four-quarter high, according to the latest data from Fortra's PhishLabs.

Blog

What Is Whaling Phishing & How Does It Work?

Mon, 10/03/2022

“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible. Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves...

On-Demand Webinar

Securing Office 365: How to Protect Against Targeted Email Attacks

Thu, 07/28/2022

This webinar from Agari and Osterman Research explains why organizations with Office 365 need robust email security and how to implement it cost-effectively.

On-Demand Webinar

Cosmic Lynx Threat Disorder: The Rise of Russian BEC

By Crane Hassold

In this webinar, Agari Sr. Director of Threat Research, Crane Hassold discusses Cosmic Lynx, the first-ever reported Russian BEC criminal organization, and how the group has significantly impacted the email threat landscape with sophisticated, high-dollar phishing attacks.

Guide

Behind the 'From' Lines: Email Fraud on a Global Scale

Organized criminals are targeting businesses with identity deception attacks that cause financial losses and broken trust, but Agari is changing the game. Using responsible active defense techniques to analyze criminal email accounts, the Agari Cyber Intelligence Division (ACID) unmasked 10 cybercriminal groups during a 10-month period. ACID has used the results of its work to:...

Guide

Scarlet Widow Part 2: BEC Bitcoin Laundry—Scam, Rinse, Repeat

While many cybercriminal gangs scam medium-sized and large corporations, Agari has now uncovered and documented the practices of a Nigeria-based scammer group, dubbed Scarlet Widow, that has evolved a different strategy focused on more vulnerable sectors such as school districts, universities, and nonprofits. Image In this report, we...

Guide

Cosmic Lynx Threat Dossier: The Rise of Russian BEC

Cosmic Lynx is a Russia-based BEC cybercriminal organization that has significantly impacted the email threat landscape with sophisticated, high-dollar phishing attacks. In this threat dossier, you’ll discover key details about Cosmic Lynx, including: How Cosmic targets global corporations with incredibly sophisticated BEC attacks How Cosmic Lynx exploits DMARC controls to...

Advanced Persistent Threats (APT)

Business Email Compromise

Spear Phishing

Advanced Threat Protection

Anti-Phishing

Cloud Email Security

Guide

Domains Associated with Exaggerated Lion BEC Campaigns

Below is the list of domains associated with Exaggerated Lion BEC Campaigns. You can access the PDF version of this list by clicking the "Download PDF Version" button at the top of this page. 1secure-portal-server.online admin-office-exec-ssl-secure-server-portal-exec.management admin-office-exec-ssl-secured-server-portal-exec.management admin-server-apps.management admin...

Blog

What Is Email Phishing? Protect Your Enterprise

Wed, 12/08/2021

Phishing emails can steal sensitive data and cost companies' their reputation. However, protecting a company from these scammers doesn't need to be difficult. What Is Email Phishing? Phishing is when an attacker mimics a trusted person or brand in an attempt to steal sensitive information, or gain a foothold inside a company network. While phishing emails are by far the...

Blog

TLS Email Encryption: What It Is & How to Check if Your Email Is Using It

Mon, 06/21/2021

What exactly is TLS when it comes to email encryption? Image TLS, or cybersecurity protocol Transport Layer Security first developed by the Internet Engineering Task Force (IETF), was designed to establish secure communications that provide both privacy and data security. Originally created from another encryption protocol called...

Blog

Email Security: Agari Delivers a Whole New Level of Actionable Insight to Outpace Threat Actors

Sun, 01/24/2021

CISOs and their teams are about to get some serious performance enhancers in their high-stakes race against email security threats. According to the FBI, phishing campaigns, business email compromise (BEC) scams, and other advanced email attacks have resulted in $26 billion in business losses over the course of three years. Then 2020 happened. With 75 million corporate...

Blog

BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches

Tue, 12/01/2020

Business email compromise (BEC) actors are exploring alternative cash-out methods for spiriting away the profits from their crimes. Traditional bank accounts have long been the go-to choice for email scammers seeking to cash out the funds they've pilfered from organizations they victimize. Just since 2016, BEC groups have defrauded businesses out of more than $26 billion...

Blog

BEC Attacks: What They Are, How to Spot Them, and What to Do

Tue, 11/10/2020

Here we’ll cover what BEC attacks are, how they work, what they usually look like, and how to handle them. What is a BEC Attack? 7 Common BEC Attack Patterns Top Identity Deception Techniques How Can BEC Attacks be Stopped? What's the Best Way to Recover From a BEC Attack? What is a BEC Attack? First, let me explain what a BEC attack is. In short, Business Email...

Blog

Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment

Tue, 09/29/2020

With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security. Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction...

Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

Thu, 07/23/2020

In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance (DMARC) controls to impersonate CEOs in business email compromise (BEC) scams worth millions.As detailed in our new threat actor dossier on a group we call Cosmic Lynx, the Agari Cyber Intelligence Division (ACID)...

The Science Behind the Scenes: How Machine Learning Combats Phishing Attacks and BEC

Machine Learning Models in Cloud Email Protection

DMARC Revisited: Email Authentication in 2024

QR Codes That Aren't Cool Webinar

Financials & Card Data Top Q3 Targets on the Dark Web

Emails Reported as Malicious Reach Four-Quarter High in Q3

What Is Whaling Phishing & How Does It Work?

Securing Office 365: How to Protect Against Targeted Email Attacks

Cosmic Lynx Threat Disorder: The Rise of Russian BEC

Behind the 'From' Lines: Email Fraud on a Global Scale

Scarlet Widow Part 2: BEC Bitcoin Laundry—Scam, Rinse, Repeat

Cosmic Lynx Threat Dossier: The Rise of Russian BEC

Domains Associated with Exaggerated Lion BEC Campaigns

What Is Email Phishing? Protect Your Enterprise

TLS Email Encryption: What It Is & How to Check if Your Email Is Using It

Email Security: Agari Delivers a Whole New Level of Actionable Insight to Outpace Threat Actors

BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches

BEC Attacks: What They Are, How to Spot Them, and What to Do

Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

Contact Information

Privacy Policy

Cookie Policy

Impressum