Resources

Blog
Blog

Financials & Card Data Top Q3 Targets on the Dark Web

Mon, 12/05/2022
In Q3, credit unions nearly overtook national banks as the top targeted industry on the Dark Web, according to recent data from Fortra’s PhishLabs.
Advanced Persistent Threats (APT)
Business Email Compromise
Consumer Phishing
Blog
Blog

DKIM vs. SPF Email Standards: Do I Need Them Both?

Thu, 10/20/2022
When it comes to email authentication standards, should you use DKIM, SPF, or both? We’re going to cover these terms, when you should use them, what they do—and how best to protect your email domains. Is it Either/Or—or Both? Should the battle really be SPF vs. DKIM? While not mandatory, it’s highly recommended to use both SPF and DKIM to protect your email domains from spoofing attacks and fraud...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM
Blog
Blog

DKIM Guide: How to Set Up the Email Standard Step by Step

Tue, 10/18/2022
In this DKIM setup guide, we’ll walk you through the steps on how to set up DKIM correctly, test it, avoid common pitfalls, and fix common mistakes. In case you’re new to DKIM, or DomainKeys Identified Mail, we’ll start with a high-level overview before getting to the step-by-step instructions, but you can first look up your DKIM record here . What is DKIM? A Brief Introduction DKIM is a standard...
Cloud Email Security
DMARC Email Authentication
DKIM
Article
Article

How to Mitigate Online Counterfeit Threats

Tue, 09/27/2022
The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow.
Advanced Persistent Threats (APT)
Consumer Phishing
Data Breach
Blog
Blog

The “i'’s” Have It: How BEC Scammers Validate New Targets with Blank Emails

Fri, 07/29/2022
Have you ever received a blank email from someone you don’t know? If you have, it may have been from a cybercriminal making sure your email account is legitimate prior to a Business Email Compromise (BEC) attack. Agari and PhishLabs define BEC as any response-based spear phishing attack involving the impersonation of a trusted party to trick victims into making an unauthorized financial...
ACID Research
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
On-Demand Webinar
On-Demand Webinar

Simplifying DMARC Email Authentication with Agari DMARC Protection

By Brent Sleeper
In this webinar, discover how Agari DMARC Protection automates and simplifies DMARC email authentication so you can get to policy=reject faster. You will gain valuable insights, such as: The challenge and limits of DMARC. The benefits of hosted DMARC, BIMI, SPF, and DKIM records. How automated discovery helps quickly identify email senders. Ways to quickly investigate unknown senders. Tips for...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM
Video
Video

Anatomy of a Compromised Email Account

By Crane Hassold
Using active defense techniques, Agari planted credentials into more than 8,000 phishing sites impersonating enterprise applications, then monitored these accounts to see when and how each compromised account was accessed. Through our analysis, we gained unique insights into what cybercriminals do with compromised email accounts. Watch this webinar to hear answers to important questions about the...
Advanced Persistent Threats (APT)
Vendor Email Compromise
On-Demand Webinar
On-Demand Webinar

Silent Starling and the Emergence of VEC

By Crane Hassold
Silent Starling is a newly discovered cybercriminal group comprised of Nigerian cybercriminals, intent on scamming as much as they can from their victims through a new attack type named vendor email compromise (VEC). Watch this webinar to learn: What VEC is and how it differs from other major attacks Why VEC is the largest threat for your supply chain Which of your employees are most likely to be...
Advanced Persistent Threats (APT)
Vendor Email Compromise
Datasheet
Datasheet

Stop Identity-Based Email Attacks

Understanding The Threats Today’s modern identity-based email attacks exploit the identity of trusted colleagues and brands. However, each varies in the tactics and techniques used. Understanding the differences will be critical in being able to effectively and accurately stop these attacks. Customer Phishing : Cybercriminals use brand impersonation techniques such as domain spoofing and malicious...
Advanced Persistent Threats (APT)
Consumer Phishing
Cloud Email Security
Datasheet
Datasheet

Agari Automation and Hosting Features

The Email Authentication Challenge Email is the #1 way attackers target an organization’s customers and email ecosystem. DMARC authentication, specifically with an enforcement policy of Reject, is the single most effective way to close this vulnerability inherent to email. While the premise of authentication is straightforward, organizations can encounter roadblocks and challenges along the way to...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM
Case Study
Case Study

Los Angeles-Based Large Credit Union Eradicates Phishing Attacks

Executive Summary Los Angeles Federal Credit Union (LAFCU) was in the crosshairs of email scammers. Its brand was constantly being spoofed, putting its members at risk of being defrauded. The CTO prioritized email security as part of his broader risk management strategy, and selected Agari as his partner. That was more than a decade ago. Today, domain spoofing is at near-zero. "Our initial goal...
Advanced Persistent Threats (APT)
Consumer Phishing
Advanced Threat Protection
Anti-Phishing
Guide
Guide

Anatomy of a Compromised Account

Credential phishing leads to compromised accounts, and compromised accounts lead to more credential phishing. In order to uncover the mechanics, the Agari Cyber Intelligence Division seeded more than 8,000 phishing sites with fake credentials and then monitored what happened next. In this report, you’ll discover more about how cybercriminals access and use compromised accounts, including How 50%...
Advanced Persistent Threats (APT)
Business Email Compromise
Spear Phishing
Vendor Email Compromise
Blog
Blog

How to Implement the BIMI-Selector Header for Multiple Brands

Thu, 05/20/2021
Wondering what Brand Indicators for Message Identification actually means? Here, we’ll cover the basics of BIMI, what the BIMI-selector header is, what it does, whether you need it, and how to implement it. But first, do you really need the BIMI-selector header? In most cases, you only need the BIMI-selector header if you want to support multiple logos for multiple brands or subdomains. Otherwise...
Advanced Persistent Threats (APT)
Consumer Phishing
Cloud Email Security
DMARC Email Authentication
BIMI Brand Impressions
Blog
Blog

What is Email Spoofing & How to Stop Attackers from Spoofing Your Email Address

Tue, 12/15/2020
What is email spoofing, how does it work, and why is it so dangerous to your company? We’ll explain everything you need to proactively stop attackers from spoofing your email address. Email Spoofing: What Is It? Email spoofing is when a fraudster forges an email header’s ‘From’ address to make it appear as if it was sent by someone else, usually a known contact like a high-level executive or...
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
Advanced Threat Protection
Anti-Phishing
Cloud Email Security
Blog
Blog

DKIM for Email: What It Is, How It Works, and How to Add It

Thu, 11/19/2020
We'll cover what DKIM for email is, why your company needs it, how it works, how to set DKIM up, and additional ways to prevent email spoofing attacks. What is DKIM? First, let’s clarify what DKIM is in email. DomainKeys Identified Mail is a technique that uses your domain name to sign your emails with a digital “signature” so your customers know it’s really you sending those emails and that they...
Cloud Email Security
DMARC Email Authentication
DKIM
Blog
Blog

Preventing Phishing Attacks:  The Dangers of Two-Factor Authentication

Mon, 06/08/2020
Are you protecting your remote workers against an endless barrage of COVID-19 related phishing attacks by requiring 2-factor authentication (2FA) to log into employee email accounts? Smart move—just don't let it give you a false sense of security.
Advanced Persistent Threats (APT)
Account Takeover
Consumer Phishing
Spear Phishing
Blog
Blog

COVID-19 Credential Phishing Scams: Feeding Off Coronavirus Fears

Tue, 04/28/2020
Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed phishing attacks targeting our customers. The spike in attacks is as logical as it is repugnant. With an estimated 75 million employees more reliant than ever on email during the largest "work-from-home experiment" in history, phishing scammers and other threat actors seem hellbent on exploiting...
Advanced Persistent Threats (APT)
Consumer Phishing
Advanced Threat Protection
Anti-Phishing
Phishing Simulation & Training
Blog
Blog

How to Stop Phishing Message Voicemail Attacks

Tue, 09/24/2019
At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent. A good example of a...
Advanced Persistent Threats (APT)
Consumer Phishing
Spear Phishing
Blog
Blog

Protecting our Clients from Email Spoofing: Our DMARC Journey

Tue, 03/26/2019
This post originally appeared on the Armadillo Blog and has been lightly edited for clarity. Most organisations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables. As a service provider...
Cloud Email Security
DMARC Email Authentication
SPF
DKIM