Damages from Business Email Compromise (BEC) Top the 2019 FBI IC3 List

  • Is DMARC enabled and configured correctly?
  • Are you regularly patching systems?
  • Do you have systems in place to detect phishing and BEC?
  • Are you performing regular employee phishing simulation and training?
  • Is the SOC team equipped with tools to rapidly remediate threats that activate post-delivery?
  • Have business and especially payment processes been hardened against fraud?
  • Have HR and payroll processes been hardened against W2 and payroll diversion?
  • Have processes for handling sensitive and confidential information been hardened against fraud?
  • Is 2FA enabled for corporate accounts to prevent ATO attacks?
  • If there is a breach, is logging on the endpoints enabled?



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Agari is the Trusted Email Identity Company™, protecting companies and people from phishing and socially-engineered email attacks.