Lateral Email Phishing: New Email Attack Targets Trust
Published: April 29, 2020 in our Security Fraud News & Alerts Newsletter.
Trusting a work-related email can largely depend on who the sender is. If you receive one from a co-worker or familiar vendor, chances are your guard is down and you’re likely to open the email and act on it. Hackers know this, and their latest exploit takes advantage of that trust by using lateral phishing attacks. These attacks start by bombarding employees with phishing emails. It takes only one staff member falling for the fake to compromise many more employees. Research shows that 154 compromised accounts involved over 100,000 unique email recipients. Those numbers mean lateral phishing is working, and businesses find themselves hit with yet another breed of email attack.
Lateral phishing takes trusting an email and its sender to a whole new level. Sender credibility is at stake and hackers don’t waste any time taking advantage of that. They leverage that credibility to send a host of emails to others within a compromised account’s contacts. That means an email from a familiar sender is trusted and taken as legitimate, possibly leading an organization to further compromise. A report by Barracuda Networks finds lateral phishing also targets outside vendors and their systems. The sensitive data a business and its vendors hold is up for grabs and malware attacks like ransomware may not be far behind.
Keeping ahead of lateral email phishing is possible with basic smart choices. An important part of keeping safe starts with employee training that educates staff about cybersecurity. With lateral phishing, as with other attacks, employees are often the front line. Staff who know the signs of email phishing and how to avoid them are ahead of the safety curve. An email with links and attachments should always be approached with caution. Clicking on a link can lead employees to bogus websites designed by hackers to steal sensitive data. Attachments should also be suspect, as they can easily carry malware that downloads onto a device upon opening. Should there be any doubt about an email sender’s identity, employees should call to verify the sender before following links and opening attachments.
Work emails contain very sensitive data, and new attempts to get at that information are a part of online life. A cyber-educated, email-savvy staff is important to keep lateral phishing out and important data where it belongs.