Resources

Video

Account Takeover: The Evolution of Advanced Cyberattacks

Targeted email attacks continue to escalate as organizations deal with increasing numbers of phishing, spear phishing and ransomware attempts. But another attack vector—account takeovers—is affecting 44% of organizations and is posing a significant risk. Watch this webinar to learn how: These attacks lead to large-scale data breaches and financial losses; How organizations can identify account...
Press Release

Agari Wins 2018 SC Magazine Award for Best Email Security Solution

SAN FRANCISCO, Calif. – RSA Conference – April 19, 2018 – Agari, a leading cybersecurity company, today announced it has been recognized as the “Best Email Security Solution” by the 2018 SC Magazine Awards, from a prestigious field of finalists including Proofpoint (NASDAQ: PFPT), FireEye (NASDAQ: FEYE), Mimecast (NASDAQ: MIME) and Zix (NASDAQ: ZIXI) . The Agari Email Trust Platform was selected...
Blog

Account Takeover-Based Email Attacks Increased by 126% in 2018

If the term “Account Takeover” (ATO) wasn’t part of your cybersecurity vocabulary before, it likely will be soon. According to a new report published by Agari, Account Takeover-based email attacks are on the rise. The research conducted by Agari sites a 126% increase month to month in targeted email attacks that exploit Account Takeover tactics since the beginning of 2018. To execute an Account...
Blog

BIMI is the Next Chapter in Email Authentication

Today’s announcement that deployment of Brand Indicators for Message Identification (BIMI) has begun marks the next chapter in the fight to make the world safe from identity deception. Many of BIMI’s developers, including Agari , worked together from 2010 to 2013 to develop the DMARC email authentication standard, aimed at stopping the plague of phishing and other email attacks. Billions of phish...
Blog

How does the EU GDPR impact Agari?

We’re just a few short months away from the EU General Data Protection Regulation (GDPR) coming into law on May 25th, promising an unprecedented shake up of the way businesses manage and secure data. Any organization that collects or processes data relating to EU citizens is likely to fall under the regulation, making it a priority for any company with a global scope. Some organizations are...
Blog

Email Phishing Scam Continues to Target College Students

According to a public service announcement issued by the FBI, college students across the United States continue to be targeted in a common email phishing scam that lures students in with the promise of employment. It works like this: email Scammers advertise phony job opportunities on college employment websites or students receive emails on their student accounts recruiting them for fictitious...
Blog

Strengthen DKIM Signatures with DCRUP

In this final post of the DMARC series we’ll discuss the latest crypto updates to DKIM known as the DKIM Crypto Update (DCRUP) to strengthen DKIM. Picking the Lock While DKIM has been around for many years as one of the foundations of DMARC , weaknesses in the security of its signatures have limited its effectiveness. The DCRUP Working Group was created to update DKIM to handle more modern...
Blog

How SMS 2FA Might Leave You Vulnerable to Email Account Takeover

One of the biggest challenges for a security strategy is making it accessible and understandable for end-users. Thanks to this, one of the most widely used identity verification measures is the straight-forward two-factor authentication (2FA) approach, where the user is sent a unique code to prove who they are. 2FA has been especially popular via SMS text message, as even the oldest, clunkiest...
Blog

The Arrival of ARC

As we mentioned in the first post of this series, with the arrival of ARC, one of the biggest blockers to DMARC adoption up to now has been the inability to use it with mailing lists or forwarders. This limitation existed because messages delivered through 3rd party handlers would not pass DKIM or SPF (or both). This meant that in the past one either didn’t enforce DMARC or suffered the...
Blog

DMARC Email Authentication: The Last Mile

Agari has been working diligently to stop the abuse of email since its founding in 2009. By driving increased adoption of DMARC email authentication, Agari (and the industry as a whole) has made it much harder for criminals and other bad actors to forge email identity. DMARC has been a key part of this success and its importance continues to grow — for validation of this refer to the recent...
Blog

New Agari Report Shows High Risk for BEC Attacks

Recent research conducted by Agari showed that Business Email Compromise (BEC) attacks are running rampant with 96% of organizations experiencing an attack during the second half of 2017. To compile the report, Agari analyzed over 1 billion emails that were considered safe by conventional security technologies. Our analysis showed that BEC was one of the predominant methods used by cyber criminals...
Blog

Federal Government DMARC Adoption Surges Ahead of DHS BOD 18-01 Deadline, but More Work Remains

The first deadline for the Department of Homeland Security Binding Operational Directive (BOD) 18-01 has passed and 63 percent of federal agencies have deployed DMARC, up from 18% when the directive was announced three months ago. BOD 18-01 was announced by DHS Assistant Secretary of Cybersecurity and Communications Jeanette Manfra on October 14, 2017. The mandate requires federal domains to...
Blog

How to Create an Agency Plan of Action for BOD 18-01

The Department of Homeland Security binding directive (BOD 18-01) outlines several milestones that agencies must meet in order to show progress and, ultimately, compliance with the directive. The first of those milestones (due on November 15 th , 2017) is to create an Agency Plan of Action for BOD 18-01 outlining how the agency would implement the requirements of the directive and meet its...
Blog

The DMARC Mandate: How to Protect Citizens from Cybercrime

On October 16, 2017, the U.S. Department of Homeland Security issued Binding Operational Directive (BOD) 18-01 that mandates the implementation of specific security standards to strengthen email and website security among government agencies. As part of this DHS mandate, all federal agencies that operate .gov email domains must implement a DMARC “monitor” policy within 90 days and must progress to...
Blog

Mailsploit: The DMARC Sky is not Falling

If you are in the email business, the big story today is Mailsploit, a collection of email client bugs that threatens to undermine DMARC and render Secure Email Gateways (SEGs) obsolete. In other words, the end of the world is upon us, and we should all go back to using smoke signals or march forward and find a replacement for email. Before we all become tinfoil milliners, let’s take a step back...
Blog

DHS' BOD 18-01 for Email Security: What You Need to Know

Are you ready for Binding Operational Directive 18-01? On October 16, 2017, the Department of Homeland Security (DHS) issued this directive in order to implement better security protocols on government emails. The DHS BOD 18-01 is a compulsory directive to all federal departments and agencies. Among the measures mandated in BOD 18-01 is a requirement that federal agencies adopt Domain-based...
Blog

My Experience as a Summer Intern at Agari

As with all great internships, I started this summer at Agari being delightfully bombarded with various acronyms and different technologies to learn. But though there was such a wealth of new information, within weeks, I found myself making real contributions to the product and essentially being treated as a full-time engineer. I came into this 10-week internship after my junior year at U.C...
Blog

Why are my Google Calendar Invites Blocked by DMARC?

Are you sending Google Calendar invites and not getting replies, or maybe your invitees tell you they tried to reply and it was blocked? Or maybe you are trying reply to Google Calendar invites and being blocked saying the mail is not accepted due to your domain's DMARC policy? This is an issue I have been seeing, so I did some digging and I have figured out what is going on. Before I get to the...
Blog

Real Estate Email Scams - Don't Get Tricked!

Every year, more than 5 million homes are bought and sold in the U.S. Given this volume, it should come as no surprise that the real estate industry is a prime target for email-based crimes. Cyber criminals are spoofing (and in some cases taking over) the email accounts of real estate agents, title companies, and others involved in the home buying process. Once the criminal gains access, he or she...
Blog

Productivity & Security with Office 365 + Agari

Companies are flocking to Office 365 as the leading choice of cloud-based email. But while it’s a great productivity enhancer and provides simplicity and cost savings over on-premises solutions, it raises serious security challenges. Threat actors typically target email accounts with identity deception. And with Office 365 being ubiquitous and publicly-discoverable, the risks become even greater...