Email Account Takeover and Lateral Phishing Attacks Increase Risk to Enterprises


The latest method of attack uses sender familiarity to lower victim defenses and increase the potential for scams, attacks, or fraud to succeed.

The goal of a phishing attack is to get the potential victim to take an action desired by the attacker – clicking a link, opening an attachment, providing credentials, etc. What better way to convince a victim to do so than by sending the email from someone they regularly correspond with?

That’s the premise of the growing trend of lateral phishing attacks. According to new research from security vendor Barracuda, one of the growing trends is the leveraging of compromised email from one user to spread an attack to other users via additional phishing emails.

According to the report:

  • 1 in 7 organizations have experienced email account takeover attacks
  • 60 percent of attacked organizations had multiple compromised employee accounts used to send lateral phishing attacks
  • 55% of targets have a personal or work relationship to the hijacked account
  • Nearly all attacks occur during normal work hours
  • One-third of attacks used stealth techniques such as responding to replies and actively deleting traces of email conversations

Users today can no longer assume that emails even coming from people they know are legitimate. With two-thirds of the emails used in these scams containing generic content, users can be taught using Security Awareness Training to scrutinize the email’s content and to use a different medium to contact the sender to validate the email message.

Request Your Security Awareness Training Quote

products-KB4SAT6-2Old-school awareness training does not hack it anymore. Your email filters have a ~10% failure rate; you need a strong human firewall as your last line of defense. KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will. Find out how affordable this is for your organization and be pleasantly surprised.

Get A Quote Now

Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews