Resources

Press Release
Press Release

Agari Dispels Myth of Where Phishing Criminals are Located

FOSTER CITY, Calif. and LONDON (Oct. 13, 2020) -- Agari, the market share leader in phishing defense for the enterprise, unveiled today the results of a year-long investigation into geographic locations of business email compromise (BEC) cybercriminals. Today’s announcement pinpoints for the first time where email scammers are located globally and maps their tangled web of money mules. Agari Cyber...
Blog
Blog

The Global Reach of Business Email Compromise (BEC)

Mon, 10/12/2020
Over the last five years, Business Email Compromise (BEC) has evolved into the predominant cyber threat businesses face today. Since 2016, businesses have lost at least $26 billion as a result of BEC scams and, based on the most recent FBI IC3 report , losses from BEC attacks grew another 37 percent in 2019—accounting for 40 percent of all cybercrime losses over the course of the year. The...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment

Tue, 09/29/2020
With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security. Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Brand Indicators for Message Identification (BIMI) Adoption Soaring to New Heights

Wed, 09/23/2020
For a growing number of email marketers, it may be "BIMI or bust." As of June 30, nearly 5,300 companies have adopted Brand Indicators for Message Identification ( BIMI ), a new email standard for showcasing a brand's logo next to its email messages in recipient inboxes, with built-in protections against phishing-based brand spoofing. The tally reflects a 3.8X increase in the number of brands...
ACID Research
Cloud Email Security
DMARC Email Authentication
BIMI Brand Impressions
Blog
Blog

Why Full DMARC Protection is a Pressing Business Imperative in 2020 and Beyond

Tue, 09/15/2020
If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand from being impersonated in phishing scams, there are pressing reasons to jump on it now. Without a doubt, these are extraordinary times for individuals and organizations alike as we've been forced to change the way we work, shop, play, and live seemingly overnight, and for far...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

Thu, 07/23/2020
In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance ( DMARC ) controls to impersonate CEOs in business email compromise (BEC) scams worth millions. As detailed in our new threat actor dossier on a group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has identified...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

Fri, 07/17/2020
A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords. As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Cosmic Lynx: A Russian Threat Hits the BEC Scene

Mon, 07/06/2020
“At some point, Russian and Eastern European cybercriminals are going to start thinking to themselves, ‘Why am I spending all of this time and money setting up infrastructure and hiring malware developers when I can just send someone an email, ask them to send me money, and they’ll do it.’” For more than a year, this is a line we have used over and over again, expecting that some of the world’s...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

Agari Summer '20 Release: CISOs Gain Unique Threat Intel to Their Organizations

Tue, 06/30/2020
With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is. In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Preventing Phishing Attacks:  The Dangers of Two-Factor Authentication

Mon, 06/08/2020
Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.
Advanced Persistent Threats (APT)
Account Takeover
Consumer Phishing
Spear Phishing
Blog
Blog

Scattered Canary Cybercrime Ring Exploits the COVID-19 Pandemic with Fraudulent Unemployment and CARES Act Claims

Mon, 05/18/2020
Recently, news broke about how a sophisticated Nigerian cybercriminal organization has been committing mass unemployment fraud against a number of states, including Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming. Based on information uncovered by the Agari Cyber Intelligence Division, some, if not all, the actors behind these fraudulent schemes are likely...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

COVID-19 Credential Phishing Scams: Feeding Off Coronavirus Fears

Tue, 04/28/2020
Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...
Advanced Persistent Threats (APT)
Consumer Phishing
Advanced Threat Protection
Anti-Phishing
Phishing Simulation & Training
Blog
Blog

BEC Gift Card Scams Move Online During COVID-19 Pandemic

Mon, 04/06/2020
With 60 million corporate employees working remotely due to the Coronavirus outbreak, cybercriminals are switching up their tactics in business email compromise (BEC) scams. In what has been called the " world's largest work-from-home experiment ," organizations around the globe are being forced to quickly transition to a remote workforce, ready or not. Cybercriminals have opportunistically...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

Business Email Compromise (BEC): Security Risks from your 'Out-of-Office' Reply

Fri, 04/03/2020
As if coronavirus hasn't put enough of a damper on vacation schedules this spring, corporate employees taking time off might want to rethink their "out of office" email settings for fear a different threat: Business Email Compromise ( BEC ) scams. Sure, the temptation to share humorous details about your big spring adventure can be irresistible for a certain species of corporate denizen...
Advanced Persistent Threats (APT)
Business Email Compromise
Press Release
Press Release

KnowBe4 and Agari Announce New Partnership to Transform Phishing Protection

Tampa Bay, FL (March 5, 2020) – KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced a new partnership with Agari, the market share leader in phishing defense solutions for the enterprise, that creates a best-in-class approach to defend against phishing attacks at scale. As a result of this new partnership, information security...
Blog
Blog

Business Email Compromise (BEC) and G Suite: How the Exaggerated Lion Cybercrime Group Cashes Out

Wed, 02/19/2020
Business email compromise (BEC) has become the predominant cyber threat businesses face today. These basic social engineering scams are having a huge impact, to the tune of more than $700 million every month. To make matters worse, the recently-released Internet Crime Report from the FBI’s Internet Crime Complaint Center shows that BEC isn’t going away any time soon, as losses from BEC attacks...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

Tue, 10/22/2019
Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to...
Advanced Persistent Threats (APT)
Blog
Blog

How to Prevent Phishing Attacks that Target Your Customers with DMARC and Office 365

Thu, 09/26/2019
Editor's Note: This post originally appeared on the Microsoft Security blog and has been republished here. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance ( DMARC ), your organization is open to the phishing attacks that...
Advanced Persistent Threats (APT)
Business Email Compromise
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
DMARC Email Authentication
Email Security for Office 365
Blog
Blog

How to Stop Phishing Message Voicemail Attacks

Tue, 09/24/2019
At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent. A good example of a...
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
Blog
Blog

Weaponizing Accounts Receivable

Tue, 07/23/2019
Receipts and invoices—two accounting powerhouses that require little introduction. But step a little further into the world of finance and accounts, and you can quickly become a fish out of water, as the terminology to this numerical land seems to multiply exponentially. That said, in some of our recent active defense engagements with BEC cybercriminals, we have observed a new way scammers are...
Advanced Persistent Threats (APT)
Business Email Compromise