As the healthcare industry closes the books on 2018, it is still reeling from more than 327 major data breaches that exposed personal health information (PHI) on at least 9.8 million US citizens this past year. Sixty percent of the attacks reported to federal authorities involved phishing or other email attacks, impacting up to 5.88 million individuals. And the costs can be...

More than $9 billion in direct losses from advanced email threats. $1 billion in ransomware payments. Six million personal identity records stolen every 24 hours—at an average cost of $7.9 million per breach.If you think the crushing losses stemming from an endless barrage of spear-phishing schemes, business email compromise (BEC) scams, and other advanced email attacks were...

Osterman Research has released a new industry report warning that many organizations will likely need to augment their Microsoft Office 365 implementations with best-in-class, third-party solutions—especially when it comes to advanced email threat protection. That's not an indictment of Microsoft, mind you. In fact, Osterman researchers point out that O365 is quickly proving to...

A breach itself is bad enough, but the time it takes an organization to discover and contain that breach is where the majority of costs are incurred.Just ask Marriott. Or Equifax. Or Under Armour. When a phishing attack occurs, it takes an average of 197 days before it's discovered—and an additional 69 days to contain it. In many cases, such as the recently discovered breach at...

Our recent report on London Blue, the cybercrime network that has amassed a list of 50,000 finance executives targeted for upcoming business email compromise (BEC) scams was alarming. But what makes it worse is that London Blue is not the only group of sophisticated cybercriminals out there.Phishing and other email attacks have jumped 50% in the last three months. The FBI is...

Marriott Hotels, Dunkin Donuts, even the House GOP. During the final quarter of 2018, a host of high-profile data breaches and cyberattacks have made major headlines. Some stemmed from business email compromise (BEC) scams, spear phishing campaigns, or other advanced email threats. Others are expected to help fuel such attacks in the future. A few might see somebody fight back...

By the end of this year, 77% of all enterprises will have moved at least some of their operations into the cloud—including email. At the same time, we're seeing that fraudsters have been doing some modernizing of their own. Tactics that were once the domain of nation states are now being adopted by increasingly networked cybercrime organizations. Exploiting the same targeting...

California has witnessed its most deadly and destructive wildfire on record during the month of November. As the Camp Fire blazes on, more than 70 people have died, hundreds are still missing, and in some cases, entire towns have been reduced to little more than ashes. What’s more is that impending rain threatens to bring mudslides and further destruction to an already ravaged...

Editor's Note: This article is Part 2 in a three-part series based on findings from the Q4 2018 Email Fraud & Identity Deception Trends report. Click here to read Part 1.First there's the good news: 51% percent of Fortune 500 companies have adopted DMARC, the open email-authentication standard designed to prevent fraudsters from impersonating brands in email scams, according to...

Want to get a sense of the carnage being caused by business email compromise (BEC) attacks? Look no further than an October 16 report from the Securities and Exchange Commission on an investigation into nine publicly-traded companies that were swindled out of $100 million through BEC scams. It isn't pretty. According to the report, one of these companies made 14 separate wire...

Phishing, Business Email Compromise (BEC), and other email attacks still involve display name deception—with Microsoft, and Amazon are still impersonated in many of these identity deception attacks.(Part 1 of 3)Display name deception techniques are now used in a majority of business email compromise (BEC) scams and other advanced email attacks targeting a growing number of...

Over the past 6 months, 100% of Agari customer brands and more than 80% of their domains have been the target of consumer phishing or B2B phishing attacks impersonating their brand to commit fraud. While the cost of phishing attacks isn't always visible, there are very real costs to businesses in the form of email deliverability, brand value and fraud costs.The root cause of...

Account takeover-based email scams are climbing fast as the barriers to entry crumble for cybercriminals. But is advanced, AI-driven email protection really the solution?  Consider yourself warned: Account takeover (ATO)-based email attacks have surged 126% in just the last year, and now represent the single most successful attack vector against businesses. According to a study...

Responding to BOD 18-01, agencies rally to complete the fastest sector-wide adoption of DMARC One year ago, the Department of Homeland Security announced its Binding Operational Directive 18-01, a mandate for all federal executive branch domains to implement stronger security standards. Specifically, BOD 18-01 required the adoption of HTTPS and DMARC, an email authentication...

Today is the deadline set by the Department of Homeland Security for all executive branch agencies to fully adopt Domain-based Message Authentication, Reporting and Conformance (DMARC), the email authentication protocol needed to prevent phishing attacks that hijack or mimic their domains. In the past 24 hours, Agari has analyzed federal DMARC adoption on the eve of BOD 18-01...

New forms of phishing attacks and other advanced email threats can cost your clients—and your brand—more than you may realize. You could call her a dream client: well-heeled, well-connected, and surely worth a fortune in potential referrals. But when a pair of business email compromise (BEC) attacks against an accountant at her wealth management firm led to $350,000 in losses,...

NYDFS, HIPAA, GDPR? As Cyber-defenses are Hardened to Comply with an Alphabet Soup of  Regulatory Mandates, Organizations are Growing More Vulnerable to Cyberattack—Not Less Name the industry, and it's safe to say that regulatory governance efforts have IT and security teams racing to erect new cyber-defenses to address a rising tide of domestic and international mandates. But...

Business Email Compromise (BEC) is on the rise, and Office 365 users are among the most heavily targeted. With new LinkedIn-integration features potentially upping the stakes, here's what you need to know now. It's official: Office 365 users will soon be able to co-edit documents from within LinkedIn. But who wins more—businesses and their employees? Or the email fraudsters who...