In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance ( DMARC ) controls to impersonate CEOs in business email compromise (BEC) scams worth millions. As detailed in our new threat actor dossier on a group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has identified...

Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.

Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...

At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent. A good example of a...

There is no denying that business email compromise (BEC) is big business, with losses exceeding a billion dollars in the United States in the last year alone. Globally, BEC attacks have cost more than $13 billion in the last five years. Chances are likely that you’ve probably been a recipient of one of these social-engineered emails yourself. But the question remains… who is behind these...

You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in your inbox, and you may not realize it. However, recent research from the Agari Cyber Intelligence Division (ACID) has shown that these advanced phishing attacks increasingly possess a handful of commonalities, making them easier to spot—which is good news considering their popularity. There are more BEC...

This post originally appeared on the Armadillo Blog and has been lightly edited for clarity. Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables. As a service provider...

Every year, more than 5 million homes are bought and sold in the U.S. Given this volume, it should come as no surprise that the real estate industry is a prime target for email-based crimes. Cyber criminals are spoofing (and in some cases taking over) the email accounts of real estate agents, title companies, and others involved in the home buying process. Once the criminal gains access, he or she...

In the last five years, we’ve all become far too familiar with it – hackers spoofing a company’s domain and therefore tarnishing the brand, bad actors attempting to infect our computers with malware, and criminals sending millions of spam messages. As if this isn’t enough, now there is a whole group of people working to outsmart companies AND their customers by using cousin domains to fool...

This is the start of a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment. What does "PermError SPF Permanent Error: Too many DNS lookups" mean? There are several safeguards put in place with SPF . One of these is a limitation of DNS lookups to help ensure that you do not have timeout issues. SPF will evaluate only 10 DNS mechanism lookups in an...

The Benefits of Monitor Mode When a technology exists that can tell you if and when your domains are being spoofed (and by who), why would you not use it?! What is DMARC? DMARC was created to address some fundamental problems with existing email authentication technologies (SPF and DKIM). It provides feedback about your email authentication implementation and gives ISPs (Google, Yahoo!, Microsoft...