Resources

Blog
Blog

What Is Whaling Phishing & How Does It Work?

Mon, 10/03/2022
“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible. Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves...
Advanced Persistent Threats (APT)
Business Email Compromise
Spear Phishing
Cloud Email Security
Press Release
Press Release

Forbes: 8 Ways To Keep Your Social Security Number Safe From Identity Theft

It’s difficult to control your Social Security number in the wild. In his September contribution to Forbes Advisor, John Wilson discusses the most common scams involving Social Security numbers and provides 8 steps individuals can take to prevent identity fraud.   Originally published in Forbes Advisor: “For too many of us, our SSNs are already in the hands of miscreants,...
Article
Article

How to Mitigate Online Counterfeit Threats

Tue, 09/27/2022
The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow.
Advanced Persistent Threats (APT)
Consumer Phishing
Data Breach
Blog
Blog

What Is Email Spoofing & How You Protect Against It

Tue, 09/20/2022
What is Email Spoofing? Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that's widely used in phishing and spam attacks. It underpins the mechanism required to conduct hacking activities, and it can take many forms. Unfortunately, most email users will eventually receive an email that has been spoofed—whether...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

How to Run Simulated Phishing Campaigns

Tue, 09/13/2022
Here's how to run a simulated phishing campaign to test and train your employees before they receive an actual phishing email.  What is a Phishing Campaign? To be clear, when we say “phishing campaign,” we’re not referring to malicious, black-hat phishing campaigns. A simulated phishing campaign is part of an internal training program to raise employee awareness about real...
Advanced Threat Protection
Anti-Phishing
Article
Article

Hybrid Vishing. It's Such A Thing.

Mon, 09/12/2022
In this podcast, John Wilson, senior fellow for threat research at, discusses how vishing, a tactic used to gain PII information from people through phone messages is - like its success - on the rise. Gain insight into this devious scam and the best defense against it. ...
Advanced Persistent Threats (APT)
Press Release
Press Release

Fortra Acquires Outflank, Further Empowering Customers to Thwart Cyberattacks with Advanced Adversary Simulation Services, Offensive Security Tooling, and Training Services

MINNEAPOLIS (September 1, 2022)—Fortra announced today the acquisition of Outflank, a well-regarded IT security leader with deep expertise in adversary simulation; specialist cyber security trainings; and a unique cloud-based software offering for red teams, Outflank Security Tooling (OST). Based in Amsterdam, the team of experts works with prominent financial institutions,...
Press Release
Press Release

ZDNet: Scammers Are Using This Sneaky Trick to Bypass Spam Filters

Hybrid vishing (email-initiated voice phishing) attacks are on the rise. In this ZDNet article, John Wilson discusses the findings from the latest Agari and PhishLabs research and explains what organizations can do to help prevent hybrid vishing attacks. Originally published in ZDNet.com Excerpt: “These emails are particularly adept at getting past attack controls because...
Blog
Blog

The Definitive Report Analyzer: Deciphering DMARC

By Monica Delyani on Sat, 08/20/2022
It takes years to build trusted relationships with your customers — but as all-too-familiar headlines and recounted tales of woe from IT departments tell us, cybercriminals can abuse that trust to trick your customers, employees, and partners into opening their malicious emails in a matter of minutes.   DMARC, or Domain-Based Message Authentication, Reporting, and Conformance,...
Cloud Email Security
DMARC Email Authentication
Blog
Blog

DMARC Authentication: Is DIY’ing it Worth the Risk?

By Monica Delyani on Sat, 08/20/2022
Do-it-yourselfers abound everywhere in these days – from YouTube stars demonstrating the latest hacks through tutorials to entire cable channels and streaming networks devoted to DIY, average laypeople have become self-proclaimed experts in a variety of areas and skills. But should you take a do-it-yourself approach when it comes to technology and email security, or more...
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Office 365 + DMARC: Best Practices for Protecting Your Company & Customers From Phishing Attacks

By John Wilson on Mon, 08/15/2022
In 2021, Gartner includes DMARC, or known by its full name as Domain-based Message Authentication, Reporting & Conformance, in its list of top 10 security projects. With very few exceptions, the best way for organizations to prevent getting impersonated in email attacks is to integrate DMARC into their Office 365-based email ecosystems. To understand why, let’s consider the...
Cloud Email Security
DMARC Email Authentication
Email Security for Office 365
Security Software
Blog
Blog

One Big Threat Protection Problem, One Simple Email Security Solution

Fri, 08/12/2022
There’s no question, Microsoft 365 is a production powerhouse used by millions worldwide. It offers a multitude of robust products that allow easy collaboration and efficiency, and many organizations believe the email security features are adequately protecting them. The harsh truth is that it’s probably not protecting them as much as they think. The proverbial saying goes: ...
Blog
Blog

The “i'’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Fri, 07/29/2022
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized...
ACID Research
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
Press Release
Press Release

How Enterprises Can Defend Against Rapidly Evolving Ransomware

Ransomware threats can change daily, making consumers and businesses more vulnerable than ever. Names like Angler malvertising, Locky ransomware and Angler Exploit Kit frequently crop up in the news, despite law enforcement’s best efforts to contain them. Simply put, malware is popular because it’s successful. Cyber criminals make an estimated 1,425% ROI for exploit kit and...
Press Release
Press Release

Agari Identifies First-ever Reported Russian BEC Cybercriminal Ring Targeting Executives in 46 Countries Across Six Continents

FOSTER CITY, Calif. (July 7, 2020) -- Agari, the market share leader in phishing defense solutions for the enterprise, revealed today details of the threat actor group dubbed Cosmic Lynx, the first-ever reported Russian cybercriminal ring to conduct business email compromise (BEC) phishing scams. This is a historic shift to the global email threat landscape and portends new and...
Blog
Blog

Customer Phishing Protection Couldn’t Be Easier with PhishLabs' Digital Risk Protection

Fri, 07/01/2022
It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks, such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams....
Advanced Persistent Threats (APT)
Business Email Compromise
Agari blog thumbnail
Blog
Blog

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Tue, 06/07/2022
On 19 July, the UK will finally lift the final social distancing measures that were put in place during the pandemic. Although concerns about the pandemic still exist, many people will now be contemplating a tentative return to the office. Although the benefits of homeworking are well-documented and recent events have proven that people can work just as effectively from home as...
Blog
Blog

SMTPS: Securing SMTP and the Differences Between SSL, TLS, and the Ports They Use

Thu, 05/26/2022
What is the difference between SMTPS and SMTP? SMTPS uses additional SSL or TLS cryptographic protocols for improved security, and the extra "S" stands for SECURE! Image By default, SMTP to send email lacks encryption and can be used for sending without any protection in place, leaving emails with an SMTP setup susceptible to man-in...
Cloud Email Security