Today, Agari has published “Behind the ‘From’ Lines: Email Fraud on a Global Scale,” a historic report that I believe is the first of its kind (but definitely not the last!). During the past 10 months, Agari has captured criminal email accounts using responsible active defense techniques, granting us unparalleled access and insight into the operation of these organized crime groups. By...

The European Union’s new privacy law, the General Data Protection Regulation (GDPR), comes into effect on May 25, 2018 and has many ramifications for any organization doing business in the EU. Essentially, the regulation defines how businesses collect and store information on their customers and other private citizens. GDPR goes beyond the current standard of the EU Privacy Directive with...

With the World Cup in Russia this summer and the Olympics in Tokyo in 2020 further down the line; organizations conducting business around the event will face unprecedented challenges with cybersecurity and data protection. With the rise in data breaches in recent times, it might not be too strong to say that the success of these major international events relies upon the whole country being data security conscious. Everything from local hotels to travel agents and tour operators will process increasingly large quantities of customer data, including credit card details, making them ripe targets for cybercriminals. This personally identifiable data (PII) will include EU citizen data and so will need to be protected as per the EU General Data Protection Regulation (GDPR).

We’re just a few short months away from the EU General Data Protection Regulation (GDPR) coming into law on May 25th, promising an unprecedented shake up of the way businesses manage and secure data. Any organization that collects or processes data relating to EU citizens is likely to fall under the regulation, making it a priority for any company with a global scope. Some organizations are...

On Friday 12th May last year, a global ransomware attack, aptly named WannaCry, infected over 200,000 computers in at least 100 countries. It began with an email at roughly 8:30am London time. By midday, employees at Spain’s mobile operating giant Telefónica were being shut out of their work terminals and in the UK, emergency services were being pulled and hospital facilities were being shut down....

According to a public service announcement issued by the FBI, college students across the United States continue to be targeted in a common email phishing scam that lures students in with the promise of employment.It works like this: email Scammers advertise phony job opportunities on college employment websites or students receive emails on their student accounts recruiting them for fictitious...

In this final post of the DMARC series we’ll discuss the latest crypto updates to DKIM known as the DKIM Crypto Update (DCRUP) to strengthen DKIM. Picking the LockWhile DKIM has been around for many years as one of the foundations of DMARC, weaknesses in the security of its signatures have limited its effectiveness. The DCRUP Working Group was created to update DKIM to handle more modern...

As we mentioned in the first post of this series, with the arrival of ARC, one of the biggest blockers to DMARC adoption up to now has been the inability to use it with mailing lists or forwarders. This limitation existed because messages delivered through 3rd party handlers would not pass DKIM or SPF (or both). This meant that in the past one either didn’t enforce DMARC or suffered the...

Recent research conducted by Agari showed that Business Email Compromise (BEC) attacks are running rampant with 96% of organizations experiencing an attack during the second half of 2017. To compile the report, Agari analyzed over 1 billion emails that were considered safe by conventional security technologies. Our analysis showed that BEC was one of the predominant methods used by cyber criminals...

The first deadline for the Department of Homeland Security Binding Operational Directive (BOD) 18-01 has passed and 63 percent of federal agencies have deployed DMARC, up from 18% when the directive was announced three months ago. BOD 18-01 was announced by DHS Assistant Secretary of Cybersecurity and Communications Jeanette Manfra on October 14, 2017. The mandate requires federal domains to...

The Department of Homeland Security binding directive (BOD 18-01) outlines several milestones that agencies must meet in order to show progress and, ultimately, compliance with the directive. The first of those milestones (due on November 15th, 2017) is to create an Agency Plan of Action for BOD 18-01 outlining how the agency would implement the requirements of the directive and meet its deadlines...