Resources

Blog

Inside a Compromised Account: How Cybercriminals Use Credential Phishing to Further BEC Scams

Why would a cybercriminal spend time developing malware when he can simply trick unsuspecting users into handing over their passwords? Why would a threat actor spend her money and resources on ransomware, when she can get that same information through a compromised account? It’s a good question, and exactly what the Agari Cyber Intelligence Division wanted to discover. In a growing trend known as...
Blog

How to Implement the BIMI-Selector Header for Multiple Brands

Wondering what Brand Indicators for Message Identification actually means? Here, we’ll cover the basics of BIMI, what the BIMI-selector header is, what it does, whether you need it, and how to implement it. But first, do you really need the BIMI-selector header? In most cases, you only need the BIMI-selector header if you want to support multiple logos for multiple brands or subdomains. Otherwise...
Blog

Cyber Threat Intelligence: How to Stay Ahead of Threats

Generally defined, cyber threat intelligence is information used to better understand possible digital threats that might target your organization. This data will help identify threats in order to prevent security breaches in the future. Why Cyber Threat Intelligence is Important Having a system in place that can produce threat intelligence is critical to staying ahead of digital threats, as well...
Press Release

Agari Named Leader in New "Frost Radar: Email Security " Report Based Growth and Innovation

FOSTER CITY, Calif. and LONDON (April 28, 2021) — Agari, the Trusted Email Identity Company™, announced today that Frost & Sullivan has named Agari a leader in the Frost Radar: Email Security report. This ranking is based on having the highest three year compound annual growth rate (CAGR) of 22.2% as well as the company’s vision and strategy focused on identity-centric email security solutions...
Blog

Frost Radar Names Agari as a Leader in Email Security

Three months ago, when I joined Agari as the Chief Marketing Officer, I knew that I was joining a leader in email security. I knew this partially because I worked for Agari from 2016-2019 during an exciting time of change for the company. But my time away from Agari made me realize how much it has to offer its customers and partners, which is ultimately why I decided to return. And I’m thrilled to...
Press Release

Trust 2021 Empowers Cybersecurity Organizations with New Insights and Actions to Stop Phishing

FOSTER CITY, Calif. and LONDON (April 15, 2021) – Interest in the Trust 2021 conference soared in the wake of the newly released FBI IC3 fraud report that stated business email compromise (BEC) and other email-based threats accelerated. An analysis of the reports showed that financially motivated fraud added up to $3.5 billion in losses, equaling 70% of all cybercrime losses in 2020. CISO...
Blog

Protecting Digital Communications During the Digital Transformation: A Look Back at Trust 2021

While we’re all Zoomed, Webexed and Teamed out after thirteen months of the pandemic, cybercriminals are taking advantage of the situation. They know we’re heavily relying on digital communications and they’re sending fake emails, pretending to be your boss. They’re sending fake invoices, pretending to be your vendor. They’re even sending fake requests for gift cards, on the off-chance that...
Press Release

Agari Named in the 2021 CRN® Partner Program Guide

FOSTER CITY, Calif. and LONDON, (March 29, 2021) – Agari, the Trusted Email Identity Company, is being acknowledged by CRN® , a brand of The Channel Company , in its 2021 Partner Program Guide. This annual guide provides a conclusive list of the most distinguished partner programs from leading technology companies that provide products and services through the IT Channel. Given the importance of...
Press Release

Scammers Target Wall Street in New Capital Call Fraud Schemes, Reveals Investigation by Email Security Firm Agari

Capital call payment scams target on average more than $800,000 in wire transfers 333% increase in payroll diversion scams as attackers evolve their tactics 61% of phishing threats reported by employees are false-positives 5.8 Billion malicious emails crafted by scammers spoof corporate URL domains Use of BIMI by companies jumps 82% FOSTER CITY, Calif. and LONDON (March 3, 2021) -- Agari, the...
Blog

Agari Report: New BEC Scam 7X More Costly Than Average, Bigger Phish Start Angling In

Sophisticated new threat actors, evolving phishing tactics, and a $800,000 business email compromise (BEC) scam in the second half of 2020 all signal big trouble ahead, according to new analysis from the Agari Cyber Intelligence Division (ACID). As captured in our H1 2021 Email Fraud & Identity Deception Trends Report , successful attacks on Magellan Health, GoDaddy, and the SolarWinds "hack of...
Blog

Cosmic Lynx Returns in 2021 with Updated Tricks

In July 2020, we published a report on a Russian-based BEC group we called Cosmic Lynx . In that report , we described the tactics used by the group, which included its targeting of senior executives at large companies with a global footprint and how it uses mergers and acquisitions (M&A) themes in its BEC email lures. Shortly after we published the report, we saw a significant decrease in Cosmic...
Press Release

Tracy Pallas of Agari Recognized as 2021 CRN® Channel Chief

FOSTER CITY, Cali. and LONDON (Feb. 8, 2021) – Agari, the Trusted Email Identity company, today announced that CRN® , a brand of The Channel Company , has named Tracy Pallas, vice president of worldwide channel sales and EMEA region, to its 2021 list of Channel Chiefs. The prestigious CRN® Channel Chiefs list, released annually, recognizes leading IT channel vendor executives who continually...
Press Release

Cybersecurity Industry Leaders Join Forces at Trust 2021 to Fight Back Against Cybercriminals

More than 5,000 CISOs, information security influencers, and decision-makers will exchange knowledge on threat intelligence, data science, and automated response capabilities to build a more resilient ecosystem Global 2000 companies will share best practices used to protect the global supply chain from vendor email compromise in the wake of recent data breaches Keynote speaker, Kimberly Bryant...
Press Release

Are Organizations Neglecting Business Email Compromise?

While ransomware is rightly positioned as the most immediate cybersecurity threat, businesses shouldn't underestimate the threat business email compromise (BEC) attacks present to organizations. In this article, Ciaran Rafferty, Managing Director,, discusses the release of the NCSC’s annual review for 2021 and looks at the implications for email security. Originally published in Computing Security...
Blog

Email Security: Agari Delivers a Whole New Level of Actionable Insight to Outpace Threat Actors

CISOs and their teams are about to get some serious performance enhancers in their high-stakes race against email security threats. According to the FBI, phishing campaigns, business email compromise (BEC) scams, and other advanced email attacks have resulted in $26 billion in business losses over the course of three years. Then 2020 happened. With 75 million corporate employees even now still...
Press Release

Agari Outperforms Fourth Quarter and Full Year 2020 Expectations; Uncovers Cybercriminals Behind COVID-19 Unemployment Fraud; Earns Industry Recognitions for Innovation

FOSTER CITY, CA and LONDON (Jan. 6, 2021) -- Agari, the market share leader in phishing defense solutions for the enterprise, today announced performance results for its fiscal fourth quarter and full year ended December 31, 2020. Highlights include: 33% global customer growth First to identify one of the cybercriminal rings behind U.S. CARES Act Fraud First to uncover Russian “BEC” cybercriminal...
Blog

How to Make Oauth2 Play Nice with EKS Ingress

Over the course of my technical career, I’ve always thought of Oauth2 to, frankly, be a bit of a pain. Oauth2 offers a mind boggling amount of possibilities and is the basis of many authorization workflows. However, I have found the documentation and supporting examples of how to integrate Oauth2 somewhat lacking. I hope that someone out in the ether will find this blog post and save a few days of...
Blog

What is Email Spoofing & How to Stop Attackers from Spoofing Your Email Address

What is email spoofing, how does it work, and why is it so dangerous to your company? We’ll explain everything you need to proactively stop attackers from spoofing your email address. Email Spoofing: What Is It? Email spoofing is when a fraudster forges an email header’s ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or...
Blog

BEC Response Guide— Tips for Responding to Business Email Compromise Incidents

This post originally appeared on Medium and is published here courtesy of Ronnie Tokazowski. For more by Ronnie, follow him on Twitter @iHeartMalware . If you’re reading this and are in the middle of an incident, go to the first bullet now . The rest can wait. Malware incidents suck, but if you want to know what it’s like responding to a BEC incident, triple the carnage, shake the snow globe, set...
Blog

BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches

Business email compromise ( BEC ) actors are exploring alternative cash-out methods for spiriting away the profits from their crimes. Traditional bank accounts have long been the go-to choice for email scammers seeking to cash out the funds they've pilfered from organizations they victimize. Just since 2016, BEC groups have defrauded businesses out of more than $26 billion worldwide. But over the...