Resources

Blog

What Is Whaling Phishing & How Does It Work?

“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible. Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C...
Blog

The “i'’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial...
Blog

What Is Email Phishing? Protect Your Enterprise

Phishing emails can steal sensitive data and cost companies' their reputation. However, protecting a company from these scammers doesn't need to be difficult. What Is Email Phishing? Phishing is when an attacker mimics a trusted person or brand in an attempt to steal sensitive information, or gain a foothold inside a company network. While phishing emails are by far the most popular, these attacks...
Blog

Inside a Compromised Account: How Cybercriminals Use Credential Phishing to Further BEC Scams

Why would a cybercriminal spend time developing malware when he can simply trick unsuspecting users into handing over their passwords? Why would a threat actor spend her money and resources on ransomware, when she can get that same information through a compromised account? It’s a good question, and exactly what the Agari Cyber Intelligence Division wanted to discover. In a growing trend known as...
Blog

Cyber Threat Intelligence: How to Stay Ahead of Threats

Generally defined, cyber threat intelligence is information used to better understand possible digital threats that might target your organization. This data will help identify threats in order to prevent security breaches in the future. Why Cyber Threat Intelligence is Important Having a system in place that can produce threat intelligence is critical to staying ahead of digital threats, as well...
Blog

Frost Radar Names Agari as a Leader in Email Security

Three months ago, when I joined Agari as the Chief Marketing Officer, I knew that I was joining a leader in email security. I knew this partially because I worked for Agari from 2016-2019 during an exciting time of change for the company. But my time away from Agari made me realize how much it has to offer its customers and partners, which is ultimately why I decided to return. And I’m thrilled to...
Blog

Cosmic Lynx Returns in 2021 with Updated Tricks

In July 2020, we published a report on a Russian-based BEC group we called Cosmic Lynx . In that report , we described the tactics used by the group, which included its targeting of senior executives at large companies with a global footprint and how it uses mergers and acquisitions (M&A) themes in its BEC email lures. Shortly after we published the report, we saw a significant decrease in Cosmic...
Blog

What is Email Spoofing & How to Stop Attackers from Spoofing Your Email Address

What is email spoofing, how does it work, and why is it so dangerous to your company? We’ll explain everything you need to proactively stop attackers from spoofing your email address. Email Spoofing: What Is It? Email spoofing is when a fraudster forges an email header’s ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or...
Blog

The Global Reach of Business Email Compromise (BEC)

Over the last five years, Business Email Compromise (BEC) has evolved into the predominant cyber threat businesses face today. Since 2016, businesses have lost at least $26 billion as a result of BEC scams and, based on the most recent FBI IC3 report , losses from BEC attacks grew another 37 percent in 2019—accounting for 40 percent of all cybercrime losses over the course of the year. The...
Blog

Agari Fall ' 20 Release Boosts CISO Confidence in Enterprise DMARC Deployment

With cyber gangs leveraging business email compromise (BEC) attacks that actively exploit their targets' level of DMARC adoption, CISOs have been ratcheting up email security. Until now, the need to dial up defenses against imposters posing as senior executives in email attacks has been increasingly forcing legitimate business correspondence into quarantine. The chain reaction kneecaps commerce...
Blog

Brand Indicators for Message Identification (BIMI) Adoption Soaring to New Heights

For a growing number of email marketers, it may be "BIMI or bust." As of June 30, nearly 5,300 companies have adopted Brand Indicators for Message Identification ( BIMI ), a new email standard for showcasing a brand's logo next to its email messages in recipient inboxes, with built-in protections against phishing-based brand spoofing. The tally reflects a 3.8X increase in the number of brands...
Blog

Why Full DMARC Protection is a Pressing Business Imperative in 2020 and Beyond

If you haven't deployed Domain-based Messaging Authentication, Reporting, and Conformance (DMARC) to protect your brand from being impersonated in phishing scams, there are pressing reasons to jump on it now. Without a doubt, these are extraordinary times for individuals and organizations alike as we've been forced to change the way we work, shop, play, and live seemingly overnight, and for far...
Blog

DMARC: How Phishing Rings Can Use Your Email Authentication Controls Against You

In the first reported case of its kind, a phishing ring in Eastern Europe is exploiting companies' own Domain-based Message Authentication, Reporting and Conformance ( DMARC ) controls to impersonate CEOs in business email compromise (BEC) scams worth millions. As detailed in our new threat actor dossier on a group we call Cosmic Lynx , the Agari Cyber Intelligence Division (ACID) has identified...
Blog

Preventing Phishing Attacks:  The Dangers of Two-Factor Authentication

Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.
Blog

How to Stop Phishing Message Voicemail Attacks

At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent. A good example of a...
Blog

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

There is no denying that business email compromise (BEC) is big business, with losses exceeding a billion dollars in the United States in the last year alone. Globally, BEC attacks have cost more than $13 billion in the last five years. Chances are likely that you’ve probably been a recipient of one of these social-engineered emails yourself. But the question remains… who is behind these...
Blog

Quick, Urgent, Request: Agari Research Reveals Top Ten Subject Lines Used for BEC

You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in your inbox, and you may not realize it. However, recent research from the Agari Cyber Intelligence Division (ACID) has shown that these advanced phishing attacks increasingly possess a handful of commonalities, making them easier to spot—which is good news considering their popularity. There are more BEC...
Blog

M&As Put Your Company at Risk for BEC Losses and Data Breach Liability

Mergers and acquisitions can build your company's value overnight, but business email compromise (BEC) and data breaches can tear it down just as quickly. Too often, M&A announcements are followed by waves of BEC attacks against the companies involved, or by news that the target company was the victim of a data breach. To get the most value from a merger or acquisition, you need to know how to...
Blog

Email Phishing Scam Continues to Target College Students

According to a public service announcement issued by the FBI, college students across the United States continue to be targeted in a common email phishing scam that lures students in with the promise of employment. It works like this: email Scammers advertise phony job opportunities on college employment websites or students receive emails on their student accounts recruiting them for fictitious...