Resources

Blog
Blog

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

Tue, 06/04/2019
There is no denying that business email compromise (BEC) is big business, with losses exceeding a billion dollars in the United States in the last year alone. Globally, BEC attacks have cost more than $13 billion in the last five years. Chances are likely that you’ve probably been a recipient of one of these social-engineered emails yourself. But the question remains… who is behind these...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Quick, Urgent, Request: Agari Research Reveals Top Ten Subject Lines Used for BEC

Mon, 05/13/2019
You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in your inbox, and you may not realize it. However, recent research from the Agari Cyber Intelligence Division (ACID) has shown that these advanced phishing attacks increasingly possess a handful of commonalities, making them easier to spot—which is good news considering their popularity. There are more BEC...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Why iTunes? A Look into Gift Cards as an Emerging BEC Cash Out Method

Wed, 03/27/2019
One of the trends that has been slowly creeping up across the BEC threat landscape is that actors are using other techniques in order to get money outside of an organization. While a traditional BEC attack includes instructions for wiring money outside of the organization, more and more actors are asking for a large number of gift cards instead of the classical request of “Please wire $30,000 to...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Protecting our Clients from Email Spoofing: Our DMARC Journey

Tue, 03/26/2019
This post originally appeared on the Armadillo Blog and has been lightly edited for clarity. Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables. As a service provider...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM
Blog
Blog

New “BEC-as-a-Service” Trend Means Just About Anyone Can Launch an Attack

Tue, 01/22/2019
Business email compromise (BEC) fraud is a lucrative venture, and now that industry is expanding in a troubling way—by lowering the barrier to entry so that anyone with a couple hundred bucks can outsource a BEC attack. BEC criminals are organized, behaving in many ways like legitimate businesses . And just like any successful company in a growing industry, these criminals are looking to add...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

M&As Put Your Company at Risk for BEC Losses and Data Breach Liability

Thu, 01/17/2019
Mergers and acquisitions can build your company's value overnight, but business email compromise (BEC) and data breaches can tear it down just as quickly. Too often, M&A announcements are followed by waves of BEC attacks against the companies involved, or by news that the target company was the victim of a data breach. To get the most value from a merger or acquisition, you need to know how to...
Advanced Persistent Threats (APT)
Business Email Compromise
Data Breach
Spear Phishing
Cloud Email Security
Press Release
Press Release

New Cybersecurity Book Highlights Growing Threat of Social Engineering

Book Offers Tools and Techniques to Prevent Social Engineering-based Email Attacks SAN MATEO, Calif. – Dec. 13, 2016 – Agari , a leading cybersecurity company, today announced the release of a new book by Agari Chief Scientist Markus Jakobsson and other cybersecurity thought leaders, Understanding Social Engineering Based Scams . The book describes the increased use of social engineering for email...
Blog
Blog

Don’t Let Your Customers Be Fooled By Cousin Domains

Tue, 12/15/2015
In the last five years, we’ve all become far too familiar with it – hackers spoofing a company’s domain and therefore tarnishing the brand, bad actors attempting to infect our computers with malware, and criminals sending millions of spam messages. As if this isn’t enough, now there is a whole group of people working to outsmart companies AND their customers by using cousin domains to fool...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM
Blog
Blog

What is Identifier Alignment?

Tue, 10/07/2014
When you begin to work with DMARC, you realize just how important identifier alignment is. Identifier alignment forces the domains authenticated by SPF and DKIM to have a relationship to the "header From" domain. Header From Domain and the MailFrom domain are different? Yes, they are! Hearing these terms can confuse people. They sound like the same thing, but in reality they are not. The...
Cloud Email Security
DMARC Email Authentication
DKIM
Blog
Blog

What are the Differences Between DomainKeys (DK) and DKIM?

Tue, 09/16/2014
This is the second in a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment . Read the previous tip here . DomainKeys Identified Mail (DKIM) is the successor to Yahoo DomainKeys. Both share similarities, however DKIM has the additional aspects of Cisco's Identified Internet Mail standard (IIM). The enhancements to this standard gives more security...
Cloud Email Security
DMARC Email Authentication
DKIM
Blog
Blog

DMARC is Transformational

Thu, 07/03/2014
The Benefits of Monitor Mode When a technology exists that can tell you if and when your domains are being spoofed (and by who), why would you not use it?! What is DMARC? DMARC was created to address some fundamental problems with existing email authentication technologies (SPF and DKIM). It provides feedback about your email authentication implementation and gives ISPs (Google, Yahoo!, Microsoft...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM