Resources

Blog

Emails Reported as Malicious Reach Four-Quarter High in Q3

The volume of malicious emails reported in corporate inboxes has reached a four-quarter high, according to the latest data from Fortra's PhishLabs.
Press Release

The Last Watchdog: The Drivers Behind Persistent Ransomware and Defensive Tactics to Deploy

In his guest essay for The Last Watchdog, Eric George, Director of Solutions Engineering at PhishLabs by, explains what ransomware is, who the high-stake threat actors are, and how organizations can defend themselves against ransomware attacks. Originally published in The Last Watchdog “Ransomware usually starts with a phishing email. An unsuspecting employee will open a legitimate-looking message...
Blog

The “i'’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial...
Video

What is Ransomware?

Transcript Ransomware really is continuing to be that go-to attack for attackers, and it's really one of the most effective ways that they have to extort businesses and compromise user data. How does ransomware work? Well, typically, it's delivered via infected email attachments or via compromised websites or contact management systems. Here at Agari, we actually think that the best way to...
Press Release

How Enterprises Can Defend Against Rapidly Evolving Ransomware

Ransomware threats can change daily, making consumers and businesses more vulnerable than ever. Names like Angler malvertising, Locky ransomware and Angler Exploit Kit frequently crop up in the news, despite law enforcement’s best efforts to contain them. Simply put, malware is popular because it’s successful. Cyber criminals make an estimated 1,425% ROI for exploit kit and ransomware schemes...
Guide

Ransomware: Exploring the Leading Cyber Extortion Tool

Ransomware has evolved from targeting individuals to extorting large sums of money from businesses with the threat of releasing or destroying their private company data. This type of email-based attack can cause tremendous financial losses as well as reputation damage that’s difficult and expensive to repair. Read our ransomware white paper now for insights from Agari Chief Scientist Markus...
Blog

Inside a Compromised Account: How Cybercriminals Use Credential Phishing to Further BEC Scams

Why would a cybercriminal spend time developing malware when he can simply trick unsuspecting users into handing over their passwords? Why would a threat actor spend her money and resources on ransomware, when she can get that same information through a compromised account? It’s a good question, and exactly what the Agari Cyber Intelligence Division wanted to discover. In a growing trend known as...
Blog

Cyber Threat Intelligence: How to Stay Ahead of Threats

Generally defined, cyber threat intelligence is information used to better understand possible digital threats that might target your organization. This data will help identify threats in order to prevent security breaches in the future. Why Cyber Threat Intelligence is Important Having a system in place that can produce threat intelligence is critical to staying ahead of digital threats, as well...
Blog

Frost Radar Names Agari as a Leader in Email Security

Three months ago, when I joined Agari as the Chief Marketing Officer, I knew that I was joining a leader in email security. I knew this partially because I worked for Agari from 2016-2019 during an exciting time of change for the company. But my time away from Agari made me realize how much it has to offer its customers and partners, which is ultimately why I decided to return. And I’m thrilled to...
Blog

Cosmic Lynx Returns in 2021 with Updated Tricks

In July 2020, we published a report on a Russian-based BEC group we called Cosmic Lynx . In that report , we described the tactics used by the group, which included its targeting of senior executives at large companies with a global footprint and how it uses mergers and acquisitions (M&A) themes in its BEC email lures. Shortly after we published the report, we saw a significant decrease in Cosmic...
Blog

The Global Reach of Business Email Compromise (BEC)

Over the last five years, Business Email Compromise (BEC) has evolved into the predominant cyber threat businesses face today. Since 2016, businesses have lost at least $26 billion as a result of BEC scams and, based on the most recent FBI IC3 report , losses from BEC attacks grew another 37 percent in 2019—accounting for 40 percent of all cybercrime losses over the course of the year. The...
Blog

Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment

With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security. Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce...
Blog

Brand Indicators for Message Identification (BIMI) Adoption Soaring to New Heights

For a growing number of email marketers, it may be "BIMI or bust." As of June 30, nearly 5,300 companies have adopted Brand Indicators for Message Identification ( BIMI ), a new email standard for showcasing a brand's logo next to its email messages in recipient inboxes, with built-in protections against phishing-based brand spoofing. The tally reflects a 3.8X increase in the number of brands...
Blog

Why Full DMARC Protection is a Pressing Business Imperative in 2020 and Beyond

If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand from being impersonated in phishing scams, there are pressing reasons to jump on it now. Without a doubt, these are extraordinary times for individuals and organizations alike as we've been forced to change the way we work, shop, play, and live seemingly overnight, and for far...
Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance ( DMARC ) controls to impersonate CEOs in business email compromise (BEC) scams worth millions. As detailed in our new threat actor dossier on a group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has identified...
Blog

Phishing: With Zero-Day Email Attacks Rising, Are Some Companies Giving Up the Fight?

Amid a troubling rise in zero-day phishing attacks, recent research suggests that some companies may be making an ill-advised shift away from blocking advanced email threats to responding to them post-delivery. If true, the capitulation couldn't come at a worse time. Since January, cybercriminals taking advantage of the COVID-19 outbreak have been targeting businesses and individuals with an...
Blog

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

There is no denying that business email compromise (BEC) is big business, with losses exceeding a billion dollars in the United States in the last year alone. Globally, BEC attacks have cost more than $13 billion in the last five years. Chances are likely that you’ve probably been a recipient of one of these social-engineered emails yourself. But the question remains… who is behind these...
Blog

Quick, Urgent, Request: Agari Research Reveals Top Ten Subject Lines Used for BEC

You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in your inbox, and you may not realize it. However, recent research from the Agari Cyber Intelligence Division (ACID) has shown that these advanced phishing attacks increasingly possess a handful of commonalities, making them easier to spot—which is good news considering their popularity. There are more BEC...
Video

Agari Identity Graph

Transcript The Agari Identity Graph is the AI-powering Agari Suite of advanced email security solutions, protecting your inbox from costly and damaging phishing schemes, account takeovers, and business email compromise attacks. The Graph leverages machine learning and makes over 300 million model updates each day, analyzing tens of billions of emails flowing through the Secure Email Cloud. The...