Latest Phishing threat | Lateral Phishing Through emails
Nowadays attackers are getting more advanced and keep innovating new techniques to steal users' personal data. Lateral phishing is one of the most popular phishing attacks: in this attack, hackers use compromised email accounts within an organization to target other users within the same enterprise.
According to a report from Barracuda, UC Berkeley, and UC San Diego, researchers who analyzed lateral phishing found 180 campaigns that used the technique, in which attackers sent phishing messages from compromised internal corporate email accounts.
Across the incidents studied, researchers found that the majority of lateral phishing attacks rely on two deceptive narratives: messages that falsely alert the user of a problem with their email account, and messages that provide a link to a fake ‘shared’ document, Barracuda mentioned in their report.
The technique is very effective: employees are used to distrusting emails from unknown senders, not emails from colleagues. If an email is received from a person in the organization who usually corresponds with the employee via email, there is a much higher chance of the requested action being taken.
“Because these phishing emails now come from a legitimate email account, these attacks are becoming increasingly difficult for even trained and knowledgeable users to detect,” the researchers explained.
Defending against these attacks requires a three-pronged approach. Security awareness training for employees is essential. All employees should be made aware of the threat of phishing from within the organization.
To protect employees from lateral phishing, the researchers recommended that organizations require two-factor authentication and deploy advanced detection tools that use AI and ML to identify phishing emails automatically, without relying on users to spot them on their own.
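As an added example (not code from the Barracuda report or this article), a simple Python heuristic that applies the two lure narratives described above to mail from internal senders: a message from the organization's own domain is flagged when its body carries an account-problem or shared-document lure together with a link to an external host. The domain names and sample messages are constructed for the example; this is a rule-based baseline, not the AI/ML detection the researchers recommend.

```python
import re
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"  # constructed: the organization's own mail domain

# The two lure narratives the report describes, as loose patterns
ACCOUNT_PROBLEM = re.compile(
    r"(problem|issue|suspended|verify).{0,40}(account|mailbox|email)", re.I)
SHARED_DOC = re.compile(r"(shared|sent you)\s+(a\s+)?(document|file|folder)", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def is_internal(host):
    """True if the host is the internal domain or a subdomain of it."""
    return host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN)


def classify(msg):
    """Return the reasons an email looks like lateral phishing (empty list if none).

    Only internal senders are considered: lateral phishing by definition
    arrives from a compromised account inside the organization.
    """
    sender_host = msg["from"].rsplit("@", 1)[-1].lower()
    if not is_internal(sender_host):
        return []  # external mail is covered by ordinary phishing controls
    body = msg["body"]
    reasons = []
    if ACCOUNT_PROBLEM.search(body):
        reasons.append("account-problem lure")
    if SHARED_DOC.search(body):
        reasons.append("shared-document lure")
    # A lure alone is weak evidence; a lure plus an off-domain link is the signal
    external = [u for u in URL_RE.findall(body)
                if not is_internal((urlparse(u).hostname or "").lower())]
    if reasons and external:
        reasons.append("external link from internal sender: " + external[0])
    return reasons


# Constructed sample messages: two lures, one benign internal mail, one external
SAMPLES = [
    {"from": "alice@example.com",
     "body": "There is a problem with your email account. Verify at http://mail-verify.example.net/login"},
    {"from": "bob@example.com",
     "body": "Bob shared a document with you: https://docs.example.net/view/abc"},
    {"from": "carol@example.com",
     "body": "Minutes from today's meeting are in the shared drive: https://intranet.example.com/minutes"},
    {"from": "news@vendor.example.org",
     "body": "There is a problem with your account, please verify."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["from"], "->", classify(m) or "clean")
```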