With the season for W2 scams upon us, rapidly evolving email threats suggests these and other business email compromise (BEC) attacks targeting corporate financial departments may be about to go from bad to worse. Each January, US-based businesses begin distributing W2 forms to employees, documenting earnings, tax withholding, Social Security numbers, and other sensitive information that must be...

Don't be surprised if heightened tensions with Iran, China and Russia push email security to the top of every CISO's agenda this year—including those in the transportation industry. It's well known that the threat posed by phishing in the transportation sector has surged over the last year. But now, an email attack leading to the theft of radioactive materials from a cargo ship, a serious train...

A growing body of evidence suggests employees throughout the healthcare sector may be uniquely vulnerable to phishing attacks. If finding itself a growing target for cybercriminals weren’t bad enough, the industry is also seeing associated lawsuits piling up. Montana-based Kalispell Regional Healthcare was recently hit with a suit after it disclosed that multiple employees had fallen victim to...

Back in July, we wrote about an emerging trend we have observed that involves attackers requesting aging reports from Business Email Compromise (BEC) targets. As we discussed in that post , aging reports are used by finance teams to track unpaid customer invoices. These reports are integral in the accounts receivable realm to maintain visibility into a supplier’s payment collection process. Aging...

As 2020 gets underway, business email compromise (BEC) scams and phishing attacks are expected to get a whole lot worse. But today, a new form of expert-curated BEC intel promises to help organizations stay ahead of emerging attacks like never before possible. Businesses can use all the help they can get. With more than $8.6 billion lost to BEC and variants such as vendor email compromise (VEC) in...

Can an email authentication protocol known as DMARC protect freight and package carriers from brand impersonation attacks targeting their customers? Stop me if this sounds familiar: Your customers are scrolling through email and come across a message from your company asking for details to straighten out a delivery snafu. They follow the link, update their info, and move on to their next task. But...

Spoiler alert: When it comes to email security and the fight against business email compromise (BEC) scams, phishing attacks, and other advanced email threats, 2020 won't be a cakewalk. Then again, neither was 2019. Whether it was ransomware, time-bombed email attacks that activate post-delivery, or the $700 million-a-month losses faced by businesses pummeled by surging BEC attacks , the past year...

As important as Domain-based Message Authentication, Reporting & Conformance ( DMARC ) is to the fight against Business Email Compromise (BEC) and other advanced email threats, it's really just the first piece of the email security puzzle. And it certainly won't cut it alone. Don't get me wrong. We've talked a lot about just how vital DMARC is to stopping email-based impersonation attacks. When...

The Wall Street Journal's report that a dozen US-based utilities were targets in a recent wave of coordinated phishing attacks should set off alarm bells throughout the sector and beyond. Energy producers and utilities don't just keep the lights on. They play a unique role in a country's critical infrastructure, encompassing economic health, public safety, and national security—making them...

Over the last four years, the information security community has learned a lot about business email compromise (BEC) and the inner workings of Nigerian cybercrime rings who have made it their mainstay. We know BEC fraud has been reported in all 50 states and in 177 countries worldwide. We know that since June 2016 , over $26 billion has been lost as a result of BEC. But we also know that even at...

Business email compromise (BEC) scams, phishing campaigns, and other targeted email attacks happen all over the world, but they don’t take the same form in every region. To better understand the threat landscape for organisations in Europe, the Agari Cyber Intelligence Division (ACID) surveyed 305 senior European IT security professionals from a range of industries attending Infosecurity Europe...

You’ve heard the statistics…more than 70% of all business users will be provisioned with cloud office applications in the next two years, including email. It’s an overdue modernization that eliminates physical infrastructure to drive cost savings and integrate services for improved productivity Chasing this move, cybercriminals intent on account takeover are evolving their tactics, targeting end...

If you’ve ever received a fake email from one of your “executives” asking for a quick request, you’re not alone. In fact, new research from the Agari Cyber Intelligence Division shows that individual impersonation attempts now comprise nearly a quarter of all BEC attacks. This is an increase from the last quarter, when this type of scam made up only 12% of all attacks. Gift Cards Remain On Top...

With the 2020 US presidential election only 12 months away, a new survey of registered voters suggests email security against phishing attacks could be a make-or-break issue for candidates—and for our democracy. The online survey of 803 registered voters in the United States was conducted from October 10-16 by our internal research team, the Agari Cyber Intelligence Division (ACID). Its goal was...

Time is running out to join industry thought leaders as a featured speaker at Trust 2020, The Next Generation Email Security Conference, on April 15-17 in Los Angeles. The deadline to submit topics for consideration is October 31, 2019. Trust 2020 is an exclusive, two-day customer event where senior security leaders from a wide range of industries converge to share thought-provoking ideas and...

Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to...

As Agari celebrates our 10th anniversary , I've had the opportunity to reflect on the last decade as an Agarian and how my life has changed as a result of my work with this company. It has been an undeniably exciting ten years, but also one full of challenges as we solve some of the hardest problems in email security. Fulfilling Our Mission I joined Agari when it was called Authentication Metrics...

When we first flipped on the lights in 2009, we knew we were embarking on an endeavor that wouldn’t be achieved overnight. We wanted to be deliberate, to build a rock-solid foundation—not a quick fix—that would support an email security ecosystem. We anticipated the hefty innovation and investment needed. But we also knew that investment would ultimately yield a durable solution that would change...

If you want to know why business email compromise (BEC) and other advanced email attacks keep working so well, just ask Dilbert. In one particularly biting installment of Scott Adams' popular workplace comic strip, our tech geek hero sits in his cubicle perusing an email that reads, "Enter your bank account number." Dilbert's thought bubble reads "Scam." Quick cut to engineer Alice. Same email...

Awareness. Detection. Containment. Remediation. All necessary steps in the phishing incident response process for SOC analysts. Unfortunately, each of these steps takes time, and that time comes at a cost. According to the new Q3 2019 Email Fraud and Identity Deception Trends report form the Agari Cyber Intelligence Division (ACID), employees now report an average 33,108 phishing incidents to...