Resources

qr-code-mobile
Blog
Blog

QR Codes That Don't Bode Well - The Harm That Quishing Attacks Can Do

By Monica Delyani on Thu, 01/18/2024
Most organisations have security controls in place to inspect URLs in emails to prevent the risk of credential phishing and business email compromise (BEC) attacks. However, threat adversaries have pivoted their tactics to bypass security stacks. And clicking these types of attacks often leads to account takeover. In fact, data from Fortra’s PhishLabs in Q2 2023 reported more than three-quarters...
Advanced Threat Protection
Anti-Phishing
On-Demand Webinar
On-Demand Webinar

QR Codes That Aren't Cool Webinar

Threat adversaries have pivoted their credential phishing and BEC tactics in order to bypass security stacks. In this video, Fortra’s Advanced Email Security expert, Dr. Steve Jeffery, discusses how the QR code has become the carrier of choice for delivering payloads via email and what your organization needs to put in place to stop them. You’ll learn: How human and machine mitigations help ward...
Advanced Persistent Threats (APT)
Business Email Compromise
Spear Phishing
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
On-Demand Webinar
On-Demand Webinar

DMARC Revisited: Email Authentication in 2024

Implementing DMARC is one of the simplest ways to prevent email spoofing and ensure consistent email deliverability. Agari DMARC Protection will lead you through a safe and efficient DMARC implementation with features that allow you to: Catalogue and authenticate all legitimate senders–both 3rd-party and internal Navigate past common authentication pitfalls Comply with today’s major email provider...
Advanced Persistent Threats (APT)
Business Email Compromise
Spear Phishing
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
On-Demand Webinar
On-Demand Webinar

How to Protect Against Advanced Email Threats

Thu, 12/08/2022
Unfortunately, the bad news about data breaches, cybersecurity scams, and email attacks is constant and the numbers are more staggering with each year. Learn which steps to take now to protect your organization’s email ecosystem, such as collecting threat intelligence, mitigating against brand impersonation, and training your employees on security awareness, all while maintaining compliance.
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
DMARC Email Authentication
Blog
Blog

How to Run Simulated Phishing Campaigns

Tue, 09/13/2022
Here's how to run a simulated phishing campaign to test and train your employees before they receive an actual phishing email. What is a Phishing Campaign? To be clear, when we say “phishing campaign,” we’re not referring to malicious, black-hat phishing campaigns. A simulated phishing campaign is part of an internal training program to raise employee awareness about real-world phishing attacks...
Advanced Threat Protection
Anti-Phishing
Blog
Blog

The “i'’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Fri, 07/29/2022
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial...
ACID Research
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
Blog
Blog

2022 Data Privacy Week – Education and Inspiration

Mon, 01/24/2022
As the world becomes more and more dependent on online resources to complete daily tasks, such as work meetings, grocery shopping, and even exercising, the risk of cyber attacks, data breaches, and information stealing increases. If you’re not already protecting your personal information online, now is the perfect time to start, as Data Privacy Weeks kicks off today. Led by the National Cyber...
Advanced Persistent Threats (APT)
Data Breach
Social Engineering
Advanced Threat Protection
Anti-Phishing
Agari blog thumbnail
Blog
Blog

Six Steps to Email Security Best Practice

Thu, 01/13/2022
To help IT teams define a robust email security policy and determine what’s required from an email security solution, we’ve put together a new six-step guide.
Advanced Persistent Threats (APT)
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
Blog
Blog

Common Phishing Email Attacks | Examples & Descriptions

Thu, 12/16/2021
What does a phishing email look like? We've compiled phishing email examples to help show what a spoofed email looks like to prevent against phishing attacks. Brand deception phishing is the most common example of phishing people will come across. Brand deception phishing occurs when an attacker mimics a trusted company in an email and asks someone for their personal information like credit card...
Advanced Persistent Threats (APT)
Business Email Compromise
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
Blog
Blog

It’s the Most Wonderful Time of the Year… for Cybercriminals

Mon, 11/29/2021
The holiday season is upon us, which means it’s also the busiest time of the year for online shopping. There’s Black Friday, Cyber Monday, and gifts to buy for loved ones. Plus, gifts to buy for yourself when the deals are this good! But beware, for cybercriminals ‘tis also the season to scam millions of dollars from unsuspecting people and companies. They’re banking on people being in a rush and...
Advanced Threat Protection
Anti-Phishing
Phishing Simulation & Training
Cloud Email Security
DMARC Email Authentication
Blog
Blog

TLS Email Encryption: What It Is & How to Check if Your Email Is Using It

Mon, 06/21/2021
What exactly is TLS when it comes to email encryption? TLS, or cybersecurity protocol Transport Layer Security first developed by the Internet Engineering Task Force (IETF), was designed to establish secure communications that provide both privacy and data security. Originally created from another encryption protocol called Secure Sockets Layer, or SSL, you may hear others use SSL and TLS...
Advanced Persistent Threats (APT)
Business Email Compromise
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Inside a Compromised Account: How Cybercriminals Use Credential Phishing to Further BEC Scams

Mon, 06/07/2021
Why would a cybercriminal spend time developing malware when he can simply trick unsuspecting users into handing over their passwords? Why would a threat actor spend her money and resources on ransomware, when she can get that same information through a compromised account? It’s a good question, and exactly what the Agari Cyber Intelligence Division wanted to discover. In a growing trend known as...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Cyber Threat Intelligence: How to Stay Ahead of Threats

Tue, 05/18/2021
Generally defined, cyber threat intelligence is information used to better understand possible digital threats that might target your organization. This data will help identify threats in order to prevent security breaches in the future. Why Cyber Threat Intelligence is Important Having a system in place that can produce threat intelligence is critical to staying ahead of digital threats, as well...
ACID Research
Advanced Threat Protection
Anti-Phishing
Blog
Blog

Frost Radar Names Agari as a Leader in Email Security

Wed, 04/28/2021
Three months ago, when I joined Agari as the Chief Marketing Officer, I knew that I was joining a leader in email security. I knew this partially because I worked for Agari from 2016-2019 during an exciting time of change for the company. But my time away from Agari made me realize how much it has to offer its customers and partners, which is ultimately why I decided to return. And I’m thrilled to...
ACID Research
Blog
Blog

Agari Report: New BEC Scam 7X More Costly Than Average, Bigger Phish Start Angling In

Tue, 03/02/2021
Sophisticated new threat actors, evolving phishing tactics, and a $800,000 business email compromise (BEC) scam in the second half of 2020 all signal big trouble ahead, according to new analysis from the Agari Cyber Intelligence Division (ACID). As captured in our H1 2021 Email Fraud & Identity Deception Trends Report , successful attacks on Magellan Health, GoDaddy, and the SolarWinds "hack of...
Advanced Persistent Threats (APT)
Business Email Compromise
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
Blog
Blog

Cosmic Lynx Returns in 2021 with Updated Tricks

Thu, 02/11/2021
In July 2020, we published a report on a Russian-based BEC group we called Cosmic Lynx . In that report , we described the tactics used by the group, which included its targeting of senior executives at large companies with a global footprint and how it uses mergers and acquisitions (M&A) themes in its BEC email lures. Shortly after we published the report, we saw a significant decrease in Cosmic...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

How to Make Oauth2 Play Nice with EKS Ingress

Tue, 12/22/2020
Over the course of my technical career, I’ve always thought of Oauth2 to, frankly, be a bit of a pain. Oauth2 offers a mind boggling amount of possibilities and is the basis of many authorization workflows. However, I have found the documentation and supporting examples of how to integrate Oauth2 somewhat lacking. I hope that someone out in the ether will find this blog post and save a few days of...
Advanced Persistent Threats (APT)
Social Engineering
Advanced Threat Protection
Anti-Phishing
Cloud Email Security