Blog

Blog

5 Reasons Why I Joined Agari as Chief Business Development and Strategy Officer

A 300% increase in phishing attacks in just twelve months, with more than 40% launched using cloud-based email, URLs, or both. As many as 1.5 million malicious emails sent from hijacked Office 365 accounts on a monthly basis. Average losses of $2 million for the businesses they victimize—and $7.9 million in additional average costs when they result in a data breach.Unfortunately, these numbers are...
Blog

From Pesky to Dangerous - Image-based Spam

Those of you that can remember back to 2006 may recall that High School Musical was the highest selling album of the year. “We’re all in this together” was one of the most popular songs played at the time and, some would say, a pesky tune that would stick in your head.It also happened to be the same time when image-based spam was at its peak, another pesky occurrence that was hammering our inboxes...
Blog

Why DMARC Could Make or Break Your B2B Email Marketing Programs

In B2B email marketing, nothing says amateur hour like a landing page with the words "Not Secure" in the URL. A missing SSL certificate is bad enough, but it's the lack of something called "Domain-based Message Authentication, Reporting & Conformance" (DMARC) that could obliterate your KPIs and cost your company millions in brand reputation and revenue.As the CMO of a fast-growth technology...
Blog

Can Remote Employees Solve Your Tech Hiring Crunch? Yes, If You Know What to Expect

Finding talent for a fast-growing tech startup is a challenge, especially in competitive markets like Silicon Valley. The solution to hiring the people you need without waiting forever, poaching from competitors, and breaking your salary budget? Look beyond your local market for new sources of talent. At Agari, we are always on the lookout for talent near our Bay Area headquarters. But we also...
Blog

Current Email Architecture Transformation Raises the Bar for Security

Enterprise email architecture is evolving, which is good news for cybercriminals. Legacy secure email gateways (SEGs) simply don't provide full protection from today’s evolving and costly attacks, and cloud-based email requires a new security approach. In contrast, the next generation of email security—the AI-powered Secure Email Cloud—gives organizations more comprehensive security and better...
Blog

2018 Internet Crime Report Shows Business Email Compromise (BEC) is Still Big Business

Every year, the Internet Crime Complaint Center, also known as IC3, publishes an annual report looking at the different types of internet-based crimes reported to the FBI. Over the last year, victims around the globe lost $2.71 billion to all types of cybercrime, which includes lottery scams, hacktivism, gambling fraud, malware, ransomware attacks, and tech support fraud, among others. While each...
Blog

Bitcoin: The Next Evolution in BEC Cash Out Methods?

Historically, business email compromise (BEC) threat actors have used wire transfers as a means to steal money from businesses. Impersonating a trusted contact, usually a company executive, a scammer requests that a fictitious vendor get paid by sending money to a bank account controlled by the scammer or an associate. Today though, we've seen a new trend: cybercriminals outright asking for...
Blog

Brand Impersonation Attacks on Law Firms Harm Clients and Cost Millions

Imagine this scenario: you call your high-profile client on your way into the office to check in and see if they’re ready to make the multimillion-dollar down payment on a new property. They tell you they wired it yesterday, following your email instructions. But you never sent them an email.Now you have to tell your client that that email didn’t come from you. Except that it did—or at least from...
Blog

Do You Know Where Your W-2 Is? Probably Where You Left It

It’s like clockwork. Every year around tax time security vendors (even us!) push out warnings about W-2 forms being stolen at tax time, and every year dozens of organizations disclose that someone inside of their organization fell victim to a BEC scam where actors were asking for W-2 information. Historically, actors switch to W-2 phishing campaigns starting at the end of January, and typically...
Blog

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Scammers know that impersonating a trusted government agency is an extremely effective way to trick or scare victims into handing over money, personal data, or sensitive information. In many cases, it’s all too easy for cybercriminals to use the agency’s own domains to send authentic-looking phishing emails to constituents and contractors. That’s why the Department of Homeland Security announced...
Blog

Beware of Phishing Attacks as Tax Day Looms Closer

The April 15th deadline to file taxes in the United States is almost here, which means Tax Day phishing operations are in high gear. Impersonating the IRS is a year-round favorite tactic for cybercriminals. In fact, the IRS was the third most-impersonated brand in Q4 2018. But with the April 15th deadline on the horizon, criminals know that now is the perfect time to exploit anxiety, distraction,...
Blog

Thinking Differently About BEC: Sharing Intel for the Greater Good

When it comes to sharing threat intelligence with one another, organizations tend to play the game differently. Some prefer to play the “secret squirrel game,” where attribution is something so sacred that names of actors can only be whispered behind closed doors. In other cases, data is bought on the dark underbellies of the Internet and then sold back to organizations as threat intelligence. For...
Blog

BIMI Adoption Grows as Marketers Realize Its Value

With competition soaring and email-based brand impersonation scams skyrocketing 11x since 2014, your most important digital marketing channel could be in serious danger—along with the revenue it generates. But an email standard called Brand Indicators for Message Identification (BIMI) offers a way to fight back.BIMI is an emerging standard that enables brands to display their logos in email...
Blog

Forging the Future of Agari Product Development

As someone who joined Agari nearly five years ago as part of the core team building our breakthrough email security solutions, I am extremely proud of what we built, and I can't wait for you to see what's next. This is—after all—a race against time. In the battle against costly spear phishing attacks, business email compromise (BEC) scams, and other advanced email threats, serious solutions can...
Blog

Fighting the War at Home: How Your Employees are Your Greatest Asset in the Battle Against Data Loss

Sun Tzu once stated that: “The supreme art of war is to subdue the enemy without fighting” and two and a half thousand years later his rhetoric stands the test of time, as today we are seeing this ancient ideal applied in the most modern of battlegrounds: the fight against cyber-crime. To tackle both the malicious and accidental data loss threat, organizations need to have preventative technology...
Blog

Why iTunes? A Look into Gift Cards as an Emerging BEC Cash Out Method

One of the trends that has been slowly creeping up across the BEC threat landscape is that actors are using other techniques in order to get money outside of an organization. While a traditional BEC attack includes instructions for wiring money outside of the organization, more and more actors are asking for a large number of gift cards instead of the classical request of “Please wire $30,000 to...
Blog

Protecting our Clients from Email Spoofing: Our DMARC Journey

This post originally appeared on the Armadillo Blog and has been lightly edited for clarity. Most organizations have been successful in blocking malicious emails targeted at their employees, at least to some extent. Various on-premise and cloud providers exist to take care of anti-spam, anti-virus, reputation scores, and advanced features such as sandboxing of executables.As a service provider...
Blog

A Business World in the Clouds

Safeguarding Against the Security Pitfalls of Cloud-Based PlatformsMajority of us are intimately familiar with the concept of ‘the Cloud’, the seemingly omnipresent information sharing and storage solution. But how much do you know about the security systems that defend it? Most of you may already be using cloud-based programs such as GoogleDocs, DropBox or, more commonly, Microsoft 365 – the...
Blog

Email-Based Bank Impersonation Scams Hit Where It Hurts Most

We all know that phishing attacks came fast and furious. Timed and tailored for maximum effect, these malicious email messages exploit the cruelest of social engineering tactics, preying on customer anxieties, especially in the aftermath of major crises.This past May, UK banking giant TSB experienced one of these phishing-related emergencies. First came breaking news of a massive system meltdown...
Blog

BEC Goes Mobile as Cybercriminals Turn to SMS

Business email compromise (BEC) is a term that encompasses a variety of techniques and tactics that cybercriminals leverage to obtain money or data via identity deception. Despite the evolution and repurposing of this suite of associated tactics, one constant has remained throughout—the correspondence between scammer and victim is done, almost without exception, over email. This foundational...