Preview the latest global phishing benchmarking results and expert security awareness recommendations from Fortra's Terranova Security 2023 Gone Phishing Tournament.
Traditional email security products struggle to detect email impersonation threats such as Business Email Compromise (BEC) and spear phishing campaigns. These threats consistently bypass defenses that rely on signatures and policies like Secure Email Gateways and native-cloud email filters. This guide breaks down how Fortra uses advanced data science, including machine learning models, to find and mitigate attacks that slip past traditional email defenses.
When it comes to email authentication standards, should you use DKIM, SPF, or both? We’re going to cover these terms, when you should use them, what they do—and how best to protect your email domains.
Is it Either/Or—or Both?
Should the battle really be SPF vs. DKIM? While not mandatory, it’s highly recommended to use both SPF and DKIM to protect your email domains from...
The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow.
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized...
In this webinar, discover how Agari DMARC Protection automates and simplifies DMARC email authentication so you can get to policy=reject faster.
You will gain valuable insights, such as:
The challenge and limits of DMARC.
The benefits of hosted DMARC, BIMI, SPF, and DKIM records.
How automated discovery helps quickly identify email senders.
Ways to quickly investigate...
Transcript
Social engineering is the use of idiosyncrasies of the way our brains work to trick us into doing something we would otherwise not do.
Let me give you an example. Suppose that you live in an apartment complex that has a secure gate and everyone at that complex has been told, "Don't let strangers in. Don't hold the door for...
Table of Contents
Who is Scarlet Widow?
Femmes Fictionale and Counterfeit Romeos
The Long Con: Making Moves for Money
Starry Eyes for Starling Michael
Up Close and Personal: The Case of "Robert Blackwell"
...
Understanding The Threats
Today’s modern identity-based email attacks exploit the identity of trusted colleagues and brands. However, each varies in the tactics and techniques used. Understanding the differences will be critical in being able to effectively and accurately stop these attacks.
Customer Phishing: Cybercriminals use brand impersonation techniques such as domain...
The Email Authentication Challenge
Email is the #1 way attackers target an organization’s customers and email ecosystem. DMARC authentication, specifically with an enforcement policy of Reject, is the single most effective way to close this vulnerability inherent to email. While the premise of authentication is straightforward, organizations can encounter roadblocks and...
Listen to Bill Burns, Chief Trust Officer and VP of Business Transformation for Informatica, speak about his experience working with Fortra's Agari.
Transcript
I'm Bill Burns, Chief Trust Officer and VP of Business Transformation for Informatica. I've been working with Fortra's Agari for about six years at previous companies, introducing...
Executive Summary
Los Angeles Federal Credit Union (LAFCU) was in the crosshairs of email scammers. Its brand was constantly being spoofed, putting its members at risk of being defrauded. The CTO prioritized email security as part of his broader risk management strategy, and selected Agari as his partner. That was more than a decade ago. Today, domain spoofing is at near-zero....
Organized criminals are targeting businesses with identity deception attacks that cause financial losses and broken trust, but Agari is changing the game. Using responsible active defense techniques to analyze criminal email accounts, the Agari Cyber Intelligence Division (ACID) unmasked 10 cybercriminal groups during a 10-month period. ACID has used the results of its work to:...
Vendor email compromise is a new form of advanced email attack that uses compromised email accounts to target the global supply chain. With the cybercriminal group we’ve named Silent Starling, we see how devastating these attacks can be.
Download the threat actor dossier to:
How Silent Starling uses phishing email lures to target their victims
Why compromised email...
While many cybercriminal gangs scam medium-sized and large corporations, Agari has now uncovered and documented the practices of a Nigeria-based scammer group, dubbed Scarlet Widow, that has evolved a different strategy focused on more vulnerable sectors such as school districts, universities, and nonprofits.
Image
In this report, we...
Why Integrated Email Threat Data Matters
Email is a primary vector for attacks on your business today—and email threats are evolving faster than ever. But actionable data about email attacks is often inaccessible to time-strapped security operations and incident response teams. That disconnect leaves your business vulnerable and unable to mitigate hidden email threats.
...