Resources

Guide

Silent Starling Threat Dossier: BEC to VEC

Vendor email compromise is a new form of advanced email attack that uses compromised email accounts to target the global supply chain. With the cybercriminal group we’ve named Silent Starling, we see how devastating these attacks can be. Download the threat actor dossier to: How Silent Starling uses phishing email lures to target their victims Why compromised email...

Guide

Scattered Canary Threat Dossier

Business email compromise (BEC) has continued to grow into a billion-dollar industry as cybercriminals turn to it as their preferred scam. But with the West African gang we’ve named Scattered Canary, we have deeper insight into how BEC is connected to the rest of cybercrime, and why it has grown in recent years. Download the threat dossier to learn: How Scattered Canary grew...

Guide

Scarlet Widow Part 2: BEC Bitcoin Laundry—Scam, Rinse, Repeat

While many cybercriminal gangs scam medium-sized and large corporations, Agari has now uncovered and documented the practices of a Nigeria-based scammer group, dubbed Scarlet Widow, that has evolved a different strategy focused on more vulnerable sectors such as school districts, universities, and nonprofits. Image In this report, we...

Guide

Cosmic Lynx Threat Dossier: The Rise of Russian BEC

Cosmic Lynx is a Russia-based BEC cybercriminal organization that has significantly impacted the email threat landscape with sophisticated, high-dollar phishing attacks. In this threat dossier, you’ll discover key details about Cosmic Lynx, including: How Cosmic targets global corporations with incredibly sophisticated BEC attacks How Cosmic Lynx exploits DMARC controls to...

Advanced Persistent Threats (APT)

Business Email Compromise

Spear Phishing

Advanced Threat Protection

Anti-Phishing

Cloud Email Security

Guide

Threat Intelligence Brief: The Geography of BEC

Business Email Compromise (BEC) is a worldwide scourge affecting more than three-fourths of the world’s economies. Around the globe, BEC cybercriminals operate with impunity to steal $26 billion each year. The Agari Cyber Intelligence Division conducted nearly 10,000 active engagements with BEC threat actors and captured the scope of BEC’s global footprint and trends. In this...

Guide

Download the Latest Email Fraud & Identity Deception Trends Report

In 2021 alone, the FBI's IC3 report published that over $44 million in losses were a direct result of effective phishing and advanced email scams. The Agari Cyber Intelligence Division analyzed trillions of emails and nearly 500 million Internet domains to uncover the scope and impact of this email fraud… and the trends that benchmark enterprise security teams’ ability to...

Guide

A Federal Agency Guide to Complying with Binding Operational Directive (BOD) 18-01

This document provides tactical guidelines to assist Federal agencies in complying with the Department of Homeland Security Binding Operational Directive (BOD) 18-01 requirements.

Guide

Domains Associated with Exaggerated Lion BEC Campaigns

Below is the list of domains associated with Exaggerated Lion BEC Campaigns. You can access the PDF version of this list by clicking the "Download PDF Version" button at the top of this page. 1secure-portal-server.online admin-office-exec-ssl-secure-server-portal-exec.management admin-office-exec-ssl-secured-server-portal-exec.management admin-server-apps.management admin...

Guide

Getting Started with DMARC: A Guide for Healthcare Organizations

Advanced email attacks against healthcare organizations can result in breached patient data, stolen funds, and brand damage. With DMARC, your organization can secure its email channel, prevent phishing, and maintain the trust you’ve earned with your patients, partners, and providers. Read this white paper to learn: What DMARC is and how it works; The benefits of DMARC for...

Blog

Customer Phishing Protection Couldn’t Be Easier with PhishLabs' Digital Risk Protection

Fri, 07/01/2022

It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks, such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams....

Blog

5 Big Myths about DMARC, Debunked

By Monica Delyani on Tue, 04/26/2022

With email attacks contributing to billions of lost dollars each year, a growing number of organizations are adopting Domain-based Message Authentication, Reporting & Conformance (DMARC) in an effort to protect themselves and their customers from fraudsters. Adoption of DMARC has steadily gained traction since the onset of the pandemic, and the original email authentication...

Blog

Common Phishing Email Attacks | Examples & Descriptions

Thu, 12/16/2021

What does a phishing email look like? We've compiled phishing email examples to help show what a spoofed email looks like to prevent against phishing attacks. Brand deception phishing is the most common example of phishing people will come across. Brand deception phishing occurs when an attacker mimics a trusted company in an email and asks someone for their personal...

Blog

What Is Email Phishing? Protect Your Enterprise

Wed, 12/08/2021

Phishing emails can steal sensitive data and cost companies' their reputation. However, protecting a company from these scammers doesn't need to be difficult. What Is Email Phishing? Phishing is when an attacker mimics a trusted person or brand in an attempt to steal sensitive information, or gain a foothold inside a company network. While phishing emails are by far the...

Blog

It’s the Most Wonderful Time of the Year… for Cybercriminals

Mon, 11/29/2021

The holiday season is upon us, which means it’s also the busiest time of the year for online shopping. There’s Black Friday, Cyber Monday, and gifts to buy for loved ones. Plus, gifts to buy for yourself when the deals are this good! But beware, for cybercriminals ‘tis also the season to scam millions of dollars from unsuspecting people and companies. They’re banking on people...

Blog

TLS Email Encryption: What It Is & How to Check if Your Email Is Using It

Mon, 06/21/2021

What exactly is TLS when it comes to email encryption? Image TLS, or cybersecurity protocol Transport Layer Security first developed by the Internet Engineering Task Force (IETF), was designed to establish secure communications that provide both privacy and data security. Originally created from another encryption protocol called...

Blog

Inside a Compromised Account: How Cybercriminals Use Credential Phishing to Further BEC Scams

Mon, 06/07/2021

Why would a cybercriminal spend time developing malware when he can simply trick unsuspecting users into handing over their passwords? Why would a threat actor spend her money and resources on ransomware, when she can get that same information through a compromised account? It’s a good question, and exactly what the Agari Cyber Intelligence Division wanted to discover. In a...

Blog

How to Implement the BIMI-Selector Header for Multiple Brands

Thu, 05/20/2021

Wondering what Brand Indicators for Message Identification actually means? Here, we’ll cover the basics of BIMI, what the BIMI-selector header is, what it does, whether you need it, and how to implement it. But first, do you really need the BIMI-selector header? In most cases, you only need the BIMI-selector header if you want to support multiple logos for multiple brands or...

Blog

5.8B Malicious Emails Spoofed Domains; 76% of Fortune 500 Still at Risk: DMARC Results from Agari

Wed, 05/05/2021

Global adoption of Domain-based Messaging, Reporting & Conformance (DMARC) topped 10.7 million email domains worldwide in 2020—reflecting a 32% increase in just six months, according to our H1 2021 Email Fraud & Identity Trends Report. The total number of domains with DMARC set to its highest level of protection against email spoofing climbed to 3.8 million during the same...

Blog

What is DMARC? Effects on Email Spoofing & Deliverability

Tue, 04/20/2021

Wondering how DMARC affects email? Here’s a comprehensive guide explaining what DMARC is, how it affects email, and why your company needs it for security. What is DMARC? What does DMARC mean? DMARC, short for Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol to help email administrators prevent fraudsters from spoofing email...

Blog

Protecting Digital Communications During the Digital Transformation: A Look Back at Trust 2021

Wed, 04/14/2021

While we’re all Zoomed, Webexed and Teamed out after thirteen months of the pandemic, cybercriminals are taking advantage of the situation. They know we’re heavily relying on digital communications and they’re sending fake emails, pretending to be your boss. They’re sending fake invoices, pretending to be your vendor. They’re even sending fake requests for gift cards, on the...

Silent Starling Threat Dossier: BEC to VEC

Scattered Canary Threat Dossier

Scarlet Widow Part 2: BEC Bitcoin Laundry—Scam, Rinse, Repeat

Cosmic Lynx Threat Dossier: The Rise of Russian BEC

Threat Intelligence Brief: The Geography of BEC

Download the Latest Email Fraud & Identity Deception Trends Report

A Federal Agency Guide to Complying with Binding Operational Directive (BOD) 18-01

Domains Associated with Exaggerated Lion BEC Campaigns

Getting Started with DMARC: A Guide for Healthcare Organizations

Customer Phishing Protection Couldn’t Be Easier with PhishLabs' Digital Risk Protection

5 Big Myths about DMARC, Debunked

Common Phishing Email Attacks | Examples & Descriptions

What Is Email Phishing? Protect Your Enterprise

It’s the Most Wonderful Time of the Year… for Cybercriminals

TLS Email Encryption: What It Is & How to Check if Your Email Is Using It

Inside a Compromised Account: How Cybercriminals Use Credential Phishing to Further BEC Scams

How to Implement the BIMI-Selector Header for Multiple Brands

5.8B Malicious Emails Spoofed Domains; 76% of Fortune 500 Still at Risk: DMARC Results from Agari

What is DMARC? Effects on Email Spoofing & Deliverability

Protecting Digital Communications During the Digital Transformation: A Look Back at Trust 2021

Contact Information

Privacy Policy

Cookie Policy

Impressum