Resources

Press Release
Press Release

Cybersecurity Industry Leaders Join Forces at Trust 2021 to Fight Back Against Cybercriminals

More than 5,000 CISOs, information security influencers, and decision-makers will exchange knowledge on threat intelligence, data science, and automated response capabilities to build a more resilient ecosystem Global 2000 companies will share best practices used to protect the global supply chain from vendor email compromise in the wake of recent data breaches Keynote speaker, Kimberly Bryant...
Press Release
Press Release

Are Organizations Neglecting Business Email Compromise?

While ransomware is rightly positioned as the most immediate cybersecurity threat, businesses shouldn't underestimate the threat business email compromise (BEC) attacks present to organizations. In this article, Ciaran Rafferty, Managing Director,, discusses the release of the NCSC’s annual review for 2021 and looks at the implications for email security. Originally published in Computing Security...
Blog
Blog

Email Security: Agari Delivers a Whole New Level of Actionable Insight to Outpace Threat Actors

Sun, 01/24/2021
CISOs and their teams are about to get some serious performance enhancers in their high-stakes race against email security threats. According to the FBI, phishing campaigns, business email compromise (BEC) scams, and other advanced email attacks have resulted in $26 billion in business losses over the course of three years. Then 2020 happened. With 75 million corporate employees even now still...
Advanced Persistent Threats (APT)
Business Email Compromise
Advanced Threat Protection
Cloud Email Security
DMARC Email Authentication
Press Release
Press Release

Agari Outperforms Fourth Quarter and Full Year 2020 Expectations; Uncovers Cybercriminals Behind COVID-19 Unemployment Fraud; Earns Industry Recognitions for Innovation

FOSTER CITY, CA and LONDON (Jan. 6, 2021) -- Agari, the market share leader in phishing defense solutions for the enterprise, today announced performance results for its fiscal fourth quarter and full year ended December 31, 2020. Highlights include: 33% global customer growth First to identify one of the cybercriminal rings behind U.S. CARES Act Fraud First to uncover Russian “BEC” cybercriminal...
Blog
Blog

How to Make Oauth2 Play Nice with EKS Ingress

Tue, 12/22/2020
Over the course of my technical career, I’ve always thought of Oauth2 to, frankly, be a bit of a pain. Oauth2 offers a mind boggling amount of possibilities and is the basis of many authorization workflows. However, I have found the documentation and supporting examples of how to integrate Oauth2 somewhat lacking. I hope that someone out in the ether will find this blog post and save a few days of...
Advanced Persistent Threats (APT)
Social Engineering
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
Blog
Blog

What is Email Spoofing & How to Stop Attackers from Spoofing Your Email Address

Tue, 12/15/2020
What is email spoofing, how does it work, and why is it so dangerous to your company? We’ll explain everything you need to proactively stop attackers from spoofing your email address. Email Spoofing: What Is It? Email spoofing is when a fraudster forges an email header’s ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or...
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
Blog
Blog

BEC Response Guide— Tips for Responding to Business Email Compromise Incidents

Mon, 12/14/2020
This post originally appeared on Medium and is published here courtesy of Ronnie Tokazowski. For more by Ronnie, follow him on Twitter @iHeartMalware . If you’re reading this and are in the middle of an incident, go to the first bullet now . The rest can wait. Malware incidents suck, but if you want to know what it’s like responding to a BEC incident, triple the carnage, shake the snow globe, set...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

BEC Cash-out Methods: Email Fraudsters Experimenting With Alternative Approaches

Tue, 12/01/2020
Business email compromise ( BEC ) actors are exploring alternative cash-out methods for spiriting away the profits from their crimes. Traditional bank accounts have long been the go-to choice for email scammers seeking to cash out the funds they've pilfered from organizations they victimize. Just since 2016, BEC groups have defrauded businesses out of more than $26 billion worldwide. But over the...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

Office 365 Phishing Emails: Prevention, Detection, Response

Tue, 11/24/2020
Office 365 phishing emails come in common patterns. I'll list them here and also cover Office 365 anti-phishing features for prevention, detection, and response. Today, the typical Office 365 phishing emails direct users to fake Office 365 Sign-in pages. The victim submits their credentials, effectively handing over their password. Fraudsters use that login to access the victim’s address book...
Cloud Email Security
Email Security for Office 365
Blog
Blog

BEC Attacks: What They Are, How to Spot Them, and What to Do

Tue, 11/10/2020
Here we’ll cover what BEC attacks are, how they work, what they usually look like, and how to handle them. What is a BEC Attack? 7 Common BEC Attack Patterns Top Identity Deception Techniques How Can BEC Attacks be Stopped? What's the Best Way to Recover From a BEC Attack? What is a BEC Attack? First, let me explain what a BEC attack is. In short, Business Email Compromise phishing occurs when...
Advanced Persistent Threats (APT)
Business Email Compromise
Press Release
Press Release

Agari Dispels Myth of Where Phishing Criminals are Located

FOSTER CITY, Calif. and LONDON (Oct. 13, 2020) -- Agari, the market share leader in phishing defense for the enterprise, unveiled today the results of a year-long investigation into geographic locations of business email compromise (BEC) cybercriminals. Today’s announcement pinpoints for the first time where email scammers are located globally and maps their tangled web of money mules. Agari Cyber...
Blog
Blog

The Global Reach of Business Email Compromise (BEC)

Mon, 10/12/2020
Over the last five years, Business Email Compromise (BEC) has evolved into the predominant cyber threat businesses face today. Since 2016, businesses have lost at least $26 billion as a result of BEC scams and, based on the most recent FBI IC3 report , losses from BEC attacks grew another 37 percent in 2019—accounting for 40 percent of all cybercrime losses over the course of the year. The...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment

Tue, 09/29/2020
With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security. Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Brand Indicators for Message Identification (BIMI) Adoption Soaring to New Heights

Wed, 09/23/2020
For a growing number of email marketers, it may be "BIMI or bust." As of June 30, nearly 5,300 companies have adopted Brand Indicators for Message Identification ( BIMI ), a new email standard for showcasing a brand's logo next to its email messages in recipient inboxes, with built-in protections against phishing-based brand spoofing. The tally reflects a 3.8X increase in the number of brands...
ACID Research
Cloud Email Security
DMARC Email Authentication
BIMI Brand Impressions
Blog
Blog

Why Full DMARC Protection is a Pressing Business Imperative in 2020 and Beyond

Tue, 09/15/2020
If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand from being impersonated in phishing scams, there are pressing reasons to jump on it now. Without a doubt, these are extraordinary times for individuals and organizations alike as we've been forced to change the way we work, shop, play, and live seemingly overnight, and for far...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

Thu, 07/23/2020
In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance ( DMARC ) controls to impersonate CEOs in business email compromise (BEC) scams worth millions. As detailed in our new threat actor dossier on a group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has identified...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Business Email Compromise: New Shift in BEC Threat Landscape Puts CISOs on Notice

Fri, 07/17/2020
A seismic shift in the email threat landscape has CISOs bracing for sophisticated new forms of business email compromise (BEC) scams, as phishing's center of gravity begins to tilt from West African email scammers toward Russian and Eastern European cybercrime lords. As detailed in our new threat actor dossier on a threat group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Cosmic Lynx: A Russian Threat Hits the BEC Scene

Mon, 07/06/2020
“At some point, Russian and Eastern European cybercriminals are going to start thinking to themselves, ‘Why am I spending all of this time and money setting up infrastructure and hiring malware developers when I can just send someone an email, ask them to send me money, and they’ll do it.’” For more than a year, this is a line we have used over and over again, expecting that some of the world’s...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

Agari Summer '20 Release: CISOs Gain Unique Threat Intel to Their Organizations

Tue, 06/30/2020
With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is. In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Phishing: With Zero-Day Email Attacks Rising, Are Some Companies Giving Up the Fight?

Mon, 06/15/2020
Amid a troubling rise in zero-day phishing attacks, recent research suggests that some companies may be making an ill-advised shift away from blocking advanced email threats to responding to them post-delivery. If true, the capitulation couldn't come at a worse time. Since January, cybercriminals taking advantage of the COVID-19 outbreak have been targeting businesses and individuals with an...
Advanced Threat Protection
Anti-Phishing
Phishing Simulation & Training
Remote Workforce Protection
Cloud Email Security
Email Security for G-Suite
Email Security for Office 365