Resources

Blog
Blog

Agari Summer '20 Release: CISOs Gain Unique Threat Intel to Their Organizations

Tue, 06/30/2020
With business email compromise (BEC) scams up sharply amid the coronavirus pandemic, CISOs have been forced to scour an expanding but largely inscrutable email threat landscape in hopes of fending off costly attacks—until now, that is. In an industry first, the new Agari Summer '20 Release offers CISOs access to real-world intelligence on specific phishing threats unique to their organizations...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Scattered Canary Cybercrime Ring Exploits the COVID-19 Pandemic with Fraudulent Unemployment and CARES Act Claims

Mon, 05/18/2020
Recently, news broke about how a sophisticated Nigerian cybercriminal organization has been committing mass unemployment fraud against a number of states, including Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming. Based on information uncovered by the Agari Cyber Intelligence Division, some, if not all, the actors behind these fraudulent schemes are likely...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

BEC Gift Card Scams Move Online During COVID-19 Pandemic

Mon, 04/06/2020
With 60 million corporate employees working remotely due to the Coronavirus outbreak, cybercriminals are switching up their tactics in business email compromise (BEC) scams. In what has been called the " world's largest work-from-home experiment ," organizations around the globe are being forced to quickly transition to a remote workforce, ready or not. Cybercriminals have opportunistically...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

Business Email Compromise (BEC): Security Risks from your 'Out-of-Office' Reply

Fri, 04/03/2020
As if coronavirus hasn't put enough of a damper on vacation schedules this spring, corporate employees taking time off might want to rethink their "out of office" email settings for fear a different threat: Business Email Compromise ( BEC ) scams. Sure, the temptation to share humorous details about your big spring adventure can be irresistible for a certain species of corporate denizen...
Advanced Persistent Threats (APT)
Business Email Compromise
Press Release
Press Release

KnowBe4 and Agari Announce New Partnership to Transform Phishing Protection

Tampa Bay, FL (March 5, 2020) – KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced a new partnership with Agari, the market share leader in phishing defense solutions for the enterprise, that creates a best-in-class approach to defend against phishing attacks at scale. As a result of this new partnership, information security...
Blog
Blog

Business Email Compromise (BEC) and G Suite: How the Exaggerated Lion Cybercrime Group Cashes Out

Wed, 02/19/2020
Business email compromise (BEC) has become the predominant cyber threat businesses face today. These basic social engineering scams are having a huge impact, to the tune of more than $700 million every month. To make matters worse, the recently-released Internet Crime Report from the FBI’s Internet Crime Complaint Center shows that BEC isn’t going away any time soon, as losses from BEC attacks...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

DMARC and Lookalike Domains: How to Protect Your Customers from Getting Duped

Fri, 02/07/2020
Hint: DMARC Alone Won't Cut It Think the prospect of cybercriminals using your domains to launch phishing attacks sounds bad for your brand? Just wait until you hear the latest on lookalike domains. Over the last few months, researchers have been discovering a troubling number of phishing sites that feature domains meant to impersonate leading brands in a variety of industries. Sometimes referred...
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Microsoft Office 365 + Secure Email Cloud: All You Need in a Cloud-First World

Mon, 11/04/2019
You’ve heard the statistics…more than 70% of all business users will be provisioned with cloud office applications in the next two years, including email. It’s an overdue modernization that eliminates physical infrastructure to drive cost savings and integrate services for improved productivity Chasing this move, cybercriminals intent on account takeover are evolving their tactics, targeting end...
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
DMARC Email Authentication
Email Security for Office 365
Blog
Blog

How to Prevent Phishing Attacks that Target Your Customers with DMARC and Office 365

Thu, 09/26/2019
Editor's Note: This post originally appeared on the Microsoft Security blog and has been republished here. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance ( DMARC ), your organization is open to the phishing attacks that...
Advanced Persistent Threats (APT)
Business Email Compromise
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
DMARC Email Authentication
Email Security for Office 365
Blog
Blog

Ensuring DMARC Compliance for Third-Party Senders

Fri, 09/06/2019
Marketo. Salesforce. Eloqua. Bamboo HR. Zendesk. It only takes a minute to realize how much organizations love third-party senders. They are typically responsible for sending our important customer notifications, marketing promotions, prospecting emails, and even employee information. Because their mail is so important to your business, we should do what we can to help them become DMARC compliant...
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Weaponizing Accounts Receivable

Tue, 07/23/2019
Receipts and invoices—two accounting powerhouses that require little introduction. But step a little further into the world of finance and accounts, and you can quickly become a fish out of water, as the terminology to this numerical land seems to multiply exponentially. That said, in some of our recent active defense engagements with BEC cybercriminals, we have observed a new way scammers are...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

From One to Many: Scattered Canary Evolves from One-Man Startup to BEC Enterprise

Tue, 06/04/2019
There is no denying that business email compromise (BEC) is big business, with losses exceeding a billion dollars in the United States in the last year alone. Globally, BEC attacks have cost more than $13 billion in the last five years. Chances are likely that you’ve probably been a recipient of one of these social-engineered emails yourself. But the question remains… who is behind these...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Quick, Urgent, Request: Agari Research Reveals Top Ten Subject Lines Used for BEC

Mon, 05/13/2019
You likely have a fraudulent email from a business email compromise (BEC) scammer sitting in your inbox, and you may not realize it. However, recent research from the Agari Cyber Intelligence Division (ACID) has shown that these advanced phishing attacks increasingly possess a handful of commonalities, making them easier to spot—which is good news considering their popularity. There are more BEC...
ACID Research
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Wed, 04/17/2019
Scammers know that impersonating a trusted government agency is an extremely effective way to trick or scare victims into handing over money, personal data, or sensitive information. In many cases, it’s all too easy for cybercriminals to use the agency’s own domains to send authentic-looking phishing emails to constituents and contractors. That’s why the Department of Homeland Security announced...
Cloud Email Security
DMARC Email Authentication
Blog
Blog

Why iTunes? A Look into Gift Cards as an Emerging BEC Cash Out Method

Wed, 03/27/2019
One of the trends that has been slowly creeping up across the BEC threat landscape is that actors are using other techniques in order to get money outside of an organization. While a traditional BEC attack includes instructions for wiring money outside of the organization, more and more actors are asking for a large number of gift cards instead of the classical request of “Please wire $30,000 to...
Advanced Persistent Threats (APT)
Business Email Compromise
Blog
Blog

Protecting our Clients from Email Spoofing: Our DMARC Journey

Tue, 03/26/2019
This post originally appeared on the Armadillo Blog and has been lightly edited for clarity. Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables. As a service provider...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM
Blog
Blog

New “BEC-as-a-Service” Trend Means Just About Anyone Can Launch an Attack

Tue, 01/22/2019
Business email compromise (BEC) fraud is a lucrative venture, and now that industry is expanding in a troubling way—by lowering the barrier to entry so that anyone with a couple hundred bucks can outsource a BEC attack. BEC criminals are organized, behaving in many ways like legitimate businesses . And just like any successful company in a growing industry, these criminals are looking to add...
Advanced Persistent Threats (APT)
Business Email Compromise
Cloud Email Security
Blog
Blog

M&As Put Your Company at Risk for BEC Losses and Data Breach Liability

Thu, 01/17/2019
Mergers and acquisitions can build your company's value overnight, but business email compromise (BEC) and data breaches can tear it down just as quickly. Too often, M&A announcements are followed by waves of BEC attacks against the companies involved, or by news that the target company was the victim of a data breach. To get the most value from a merger or acquisition, you need to know how to...
Advanced Persistent Threats (APT)
Business Email Compromise
Data Breach
Spear Phishing
Cloud Email Security
Blog
Blog

The ROI of Protecting Your Brand, Customers and Partners from Phishing

Thu, 10/25/2018
Over the past 6 months, 100% of Agari customer brands and more than 80% of their domains have been the target of consumer phishing or B2B phishing attacks impersonating their brand to commit fraud. While the cost of phishing attacks isn't always visible, there are very real costs to businesses in the form of email deliverability, brand value and fraud costs. The root cause of this problem is that...
Cloud Email Security
DMARC Email Authentication
Press Release
Press Release

Agari Summer '18 Release Extends Protection against Advanced Deception Attacks

FOSTER CITY, Calif., June 13, 2018 – Agari, a leader in Identity Deception Protection solutions, today announced its Summer ’18 Release, which extends the protection of the Agari Email Trust Platform™ against advanced identity deception attacks. Major enhancements in this release include attachment analysis for improved account takeover detection, an interactive threat taxonomy for granular attack...