Resources

Article
Article

How to Mitigate Online Counterfeit Threats

Tue, 09/27/2022
The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow.
Advanced Persistent Threats (APT)
Consumer Phishing
Data Breach
Blog
Blog

What Is Email Spoofing & How You Protect Against It

Tue, 09/20/2022
What is Email Spoofing? Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that's widely used in phishing and spam attacks. It underpins the mechanism required to conduct hacking activities, and it can take many forms. Unfortunately, most email users will eventually receive an email that has been spoofed—whether they know it or not...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
DMARC Email Authentication
Blog
Blog

How to Run Simulated Phishing Campaigns

Tue, 09/13/2022
Here's how to run a simulated phishing campaign to test and train your employees before they receive an actual phishing email. What is a Phishing Campaign? To be clear, when we say “phishing campaign,” we’re not referring to malicious, black-hat phishing campaigns. A simulated phishing campaign is part of an internal training program to raise employee awareness about real-world phishing attacks...
Advanced Threat Protection
Anti-Phishing
Article
Article

Hybrid Vishing. It's Such A Thing.

Mon, 09/12/2022
In this podcast, John Wilson, senior fellow for threat research at, discusses how vishing, a tactic used to gain PII information from people through phone messages is - like its success - on the rise. Gain insight into this devious scam and the best defense against it.
Advanced Persistent Threats (APT)
Blog
Blog

The Definitive Report Analyzer: Deciphering DMARC

By Monica Delyani on Sat, 08/20/2022
It takes years to build trusted relationships with your customers — but as all-too-familiar headlines and recounted tales of woe from IT departments tell us, cybercriminals can abuse that trust to trick your customers, employees, and partners into opening their malicious emails in a matter of minutes.  DMARC, or Domain-Based Message Authentication, Reporting, and Conformance, is an essential email...
Cloud Email Security
DMARC Email Authentication
Blog
Blog

DMARC Authentication: Is DIY’ing it Worth the Risk?

By Monica Delyani on Sat, 08/20/2022
Do-it-yourselfers abound everywhere in these days – from YouTube stars demonstrating the latest hacks through tutorials to entire cable channels and streaming networks devoted to DIY, average laypeople have become self-proclaimed experts in a variety of areas and skills. But should you take a do-it-yourself approach when it comes to technology and email security, or more specifically to DMARC...
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Office 365 + DMARC: Best Practices for Protecting Your Company & Customers From Phishing Attacks

By John Wilson on Mon, 08/15/2022
In 2021, Gartner includes DMARC, or known by its full name as Domain-based Message Authentication, Reporting & Conformance, in its list of top 10 security projects . With very few exceptions, the best way for organizations to prevent getting impersonated in email attacks is to integrate DMARC into their Office 365-based email ecosystems. To understand why, let’s consider the benefits of deploying...
Cloud Email Security
DMARC Email Authentication
Email Security for Office 365
Security Software
Blog
Blog

One Big Threat Protection Problem, One Simple Email Security Solution

Fri, 08/12/2022
There’s no question, Microsoft 365 is a production powerhouse used by millions worldwide. It offers a multitude of robust products that allow easy collaboration and efficiency, and many organizations believe the email security features are adequately protecting them. The harsh truth is that it’s probably not protecting them as much as they think. The proverbial saying goes: “Don’t put all of your...
Blog
Blog

The “i'’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Fri, 07/29/2022
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial...
ACID Research
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
Guide
Guide

Scarlet Widow Part 1: Breaking Hearts for Profit

Table of Contents Who is Scarlet Widow? Femmes Fictionale and Counterfeit Romeos The Long Con: Making Moves for Money Starry Eyes for Starling Michael Up Close and Personal: The Case of "Robert Blackwell"
Advanced Persistent Threats (APT)
Social Engineering
Advanced Threat Protection
Anti-Phishing
Guide
Guide

Anatomy of a Compromised Account

Credential phishing leads to compromised accounts, and compromised accounts lead to more credential phishing. In order to uncover the mechanics, the Agari Cyber Intelligence Division seeded more than 8,000 phishing sites with fake credentials and then monitored what happened next. In this report, you’ll discover more about how cybercriminals access and use compromised accounts, including How 50%...
Advanced Persistent Threats (APT)
Business Email Compromise
Spear Phishing
Vendor Email Compromise
Getting Started with DMARC Guide
Guide
Guide

Getting Started with DMARC

Discover why cybercriminals target enterprise email channels for phishing schemes and how you can protect yourself from phishing by implementing DMARC.
Cloud Email Security
DMARC Email Authentication
Guide
Guide

Frost Radar: Email Security Report

Frost & Sullivan has released the Frost Radar: Email Security, providing a benchmarking system to help you protect your email from cyber attacks. Download the report for more information about: Why email is a top threat vector for cyber attacks, and how working from home has increased the risk How the email security market will continue to grow as more organizations transition to the cloud, and...
Cloud Email Security
DMARC Email Authentication
Guide
Guide

Exaggerated Lion Threat Dossier: BEC Check Fraud Ring

Exaggerated Lion is a BEC cybercrime ring that operates out of Africa with members in Nigeria, Ghana, and Kenya. This is one of the most prolific BEC groups ever discovered, targeting more than 3,000 employees at nearly 2,100 companies throughout the United States. Download this report for details including: How they name, register and host domains disguised to mimic trusted infrastructure. Their...
Advanced Persistent Threats (APT)
Business Email Compromise
Guide
Guide

Behind the 'From' Lines: Email Fraud on a Global Scale

Organized criminals are targeting businesses with identity deception attacks that cause financial losses and broken trust, but Agari is changing the game. Using responsible active defense techniques to analyze criminal email accounts, the Agari Cyber Intelligence Division (ACID) unmasked 10 cybercriminal groups during a 10-month period. ACID has used the results of its work to: Warn financial...
Advanced Persistent Threats (APT)
Account Takeover
Business Email Compromise
Spear Phishing
Guide
Guide

The Total Economic Impact™ of Agari Phishing Defense

Agari commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Agari Phishing Defense. Quantified benefits expressed in risk-adjusted present value generated return on investment of 97% over three years, including: $270k value from improved IT security and reduced level of effort to...
Advanced Persistent Threats (APT)
Spear Phishing
Advanced Threat Protection
Anti-Phishing
Silent Starling Guide
Guide
Guide

Silent Starling Threat Dossier: BEC to VEC

Vendor email compromise is a new form of advanced email attack that uses compromised email accounts to target the global supply chain. With the cybercriminal group we’ve named Silent Starling, we see how devastating these attacks can be. Download the threat actor dossier to: How Silent Starling uses phishing email lures to target their victims Why compromised email accounts make email attacks easy...
Advanced Persistent Threats (APT)
Account Takeover
Business Email Compromise
Cloud Email Security
Scattered Canary Guide
Guide
Guide

Scattered Canary Threat Dossier

Business email compromise (BEC) has continued to grow into a billion-dollar industry as cybercriminals turn to it as their preferred scam. But with the West African gang we’ve named Scattered Canary, we have deeper insight into how BEC is connected to the rest of cybercrime, and why it has grown in recent years. Download the threat dossier to learn: How Scattered Canary grew from a one-man startup...
Advanced Persistent Threats (APT)
Business Email Compromise
Data Breach
Spear Phishing
Guide
Guide

Scarlet Widow Part 2: BEC Bitcoin Laundry—Scam, Rinse, Repeat

While many cybercriminal gangs scam medium-sized and large corporations, Agari has now uncovered and documented the practices of a Nigeria-based scammer group, dubbed Scarlet Widow, that has evolved a different strategy focused on more vulnerable sectors such as school districts, universities, and nonprofits. In this report, we uncover: How Scarlet Widow transitioned from romance scams to tax...
Advanced Persistent Threats (APT)
Business Email Compromise
Social Engineering