With competition soaring and email-based brand impersonation scams skyrocketing 11x since 2014, your most important digital marketing channel could be in serious danger—along with the revenue it generates. But an email standard called Brand Indicators for Message Identification (BIMI) offers a way to fight back. BIMI is an emerging standard that enables brands to display their...

In December, the Agari Cyber Intelligence Division (ACID) published a report on a business email compromise group of cybercriminals we call London Blue. In this report, we documented how this group, which has roots in the United Kingdom, evolved its tactics over time, from Craigslist scams to enterprise credential phishing to business email compromise as they matured into a...

As someone who joined Agari nearly five years ago as part of the core team building our breakthrough email security solutions, I am extremely proud of what we built, and I can't wait for you to see what's next. This is—after all—a race against time. In the battle against costly spear phishing attacks, business email compromise (BEC) scams, and other advanced email threats,...

One of the trends that has been slowly creeping up across the BEC threat landscape is that actors are using other techniques in order to get money outside of an organization. While a traditional BEC attack includes instructions for wiring money outside of the organization, more and more actors are asking for a large number of gift cards instead of the classical request of ...

This post originally appeared on the Armadillo Blog and has been lightly edited for clarity.   Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables. As...

We all know that phishing attacks came fast and furious. Timed and tailored for maximum effect, these malicious email messages exploit the cruelest of social engineering tactics, preying on customer anxieties, especially in the aftermath of major crises. This past May, UK banking giant TSB experienced one of these phishing-related emergencies. First came breaking news of a...

Business email compromise (BEC) is a term that encompasses a variety of techniques and tactics that cybercriminals leverage to obtain money or data via identity deception. Despite the evolution and repurposing of this suite of associated tactics, one constant has remained throughout—the correspondence between scammer and victim is done, almost without exception, over email. ...

With the 2019 tax season reaching full throttle, a volatile mix of conditions could fuel an unprecedented barrage of W-2 phishing scams through mid-April this year. For the businesses and employees who fall victim, the results can be disastrous. W-2s, of course, are the IRS documents that United States businesses provide employees after the end of each year, documenting the...

In the Q1 2019 Email Fraud & Identity Deception Trends report, we reported that the average security operations center (SOC) is getting more than 23,000 employee-reported phishing incidents per year. Those incidents would require 54 SOC analysts to handle them in a timely matter. Yet, the average SOC only has 12 security analysts. With that kind of a gap in resources, we have...

Channel partners have become a strategic extension for technology businesses all over the world.  Within the cybersecurity sector, channel partners have proven to be the backbone for many companies leading them to huge success. Agari is a channel-first company with a vision of being the most channel-friendly company in the cybersecurity industry. Here at Agari, channel partners...

Today, we’re excited to announce a new technology called Agari Continuous Detection and Response (CDR) that will allow customers to go back in time and find latent threats that are sitting in employee inboxes that could lead to data breaches. As Marty McFly would say, ‘“What do you mean go back in time?” Let me explain. Today, Secure Email Gateways (SEGs) and advanced threat...

When the Agari Cyber Intelligence Division released our report on London Blue in December, much of the focus was on how cybercriminals use legitimate lead generation services to identify their targets. Research we released today into a different cybergang—one we’ve named Scarlet Widow—shows how Nigerian criminals take a different tactic against more vulnerable institutions...

Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead last among major sectors in adopting and enforcing DMARC email authentication. This leaves their email channel vulnerable to brand impersonation attacks. While the United States government leads in full DMARC enforcement policy, with 81% of its domains meeting the strictest DMARC...

Adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) has seen modest growth in recent months, with 6.1 million domains now possessing valid DMARC records, according to our new Q1 2019 Email Fraud & Identity Deception Trends Report. That's up from 5.3 million in October—a 15% increase in the number of domains protected against email-based ...

With Valentine’s Day celebrated around the world, today is a day full of love and joy—especially for those in committed relationships. People around the globe are celebrating their relationships by sending flowers and chocolates, enjoying fancy dinners, and writing love notes in greeting cards. Unfortunately, not all relationships are legitimate, and not everyone sees today as...

If US-based companies don't start automating phishing incident response processes within their SOCs, they could be SOL, according to new data captured in our Q1 2019 Email Fraud & Identity Deception Trends Report.That's because while businesses strive to implement security controls to prevent phishing attacks and any subsequent data breaches, the Security Operations Centers...

Within the Agari Cyber Intelligence Division (ACID), we regularly engage with BEC threat actors using active defense techniques. Recently, during one of our investigations into a group comprised of these threat actors, we observed several scammers taking advantage of a “feature” that Google has built into Gmail addresses. While Google sees this as an advantage of consumers,...

First, An ApologySorry, demand generation professionals.  We still love you and your jobs aren’t going away.  But, as you are well aware, the B2B buyer journey has changed—dramatically. Your roles, measurements, data sources, and tool sets have also transformed.  All for the better.Meanwhile, building quality pipeline is becoming harder, as is capturing the mindshare of time...

A federal sting operation dubbed "Operation Gold Phish" has led to the arrest of nine people accused of bilking at least 18 victims out of $2 million through socially-engineered romance scams over the last two years.As first reported on December 19, the defendants are accused of manipulating victims into becoming unwitting money mules in an alleged wire fraud operation....