September 11, 2022

Cloud-based email relay protection solutions continue leveraging artificial intelligence, machine learning, and threat intelligence to stay ahead of phishing attacks. Security awareness training continues to help prevent successful phishing attacks. However, threat actors continue to alter their attack vector capabilities and tactics to bypass these adaptive security functions. Legacy phishing email attacks were mostly single-thread attacks. One well-crafted email was sent to either one or several people asking them to click on a link to change their password.
Hackers create a dialog with the target.
Email phishing continues to be a problem for organizations. Many extremely well-crafted suspicious emails flow past some of the most robust email solutions directly to the end-user inbox. Phishing scams continue to cost individuals and organizations millions of dollars each year. Organizations using attack simulation capabilities launch phishing campaigns, including next-generation malicious emails attempting to create a dialog with the victim.
Phishing aims to gain access to a system in order to later launch ransomware or other attacks within an enterprise. For a successful lateral attack, hackers only need one host to serve as the attack connecting point. Using double-barrel phishing tactics and social engineering techniques, cyber criminals continue to propagate ransomware rapidly through organizations.
Understanding barrel phishing
The barrel phishing, or double-barrel phishing, method evolved from reverse social engineering. The attack starts with a friendly, familiar email to a target victim to create a dialog. The user sees regularly formatted emails from IT or human resources and replies. The hacker sees the responses coming back from the victim. The attack then alters the tone of the 2nd message to communicate a sense of urgency, designed to intimidate the victim.
Business email compromise with barrel phishing attacks
Barrel phishing attack methods are challenging for organizations because of the two-prong message strategy.
For example, the first message might be something like “Hello. I need you!” The second email may say, “I need you now! Please check this file for errors. It’s important.” You need to engage with the link or attachment.
Often, the first email could be a welcoming email from IT to new employees. Hackers following companies on LinkedIn will pick up emails mentioning, “I just accepted an offer.” The threat actor will take note. On the person’s first day, they could receive a phishing message containing onboarding instructions, including resetting their password and benefits information.
“Welcome aboard; I am Steve from IT. Please take a moment and reset your password. If you have questions, please email back.” The initial phishing trap comes across as friendly, unthreatening, and familiar. The second email sent out an hour later tends to become direct and alarming to the recipient.
“Hey, Steve again. I notice you haven’t changed your password. Do me this small favor before I head out and change your password! Click here to access our identity management systems.”
Notice the tone and directness of the 2nd message. The victim, new to the organization, will quickly click on the rogue link and change their password. The hacker has successfully executed a phishing attack causing possible malware infections within the target organization. Pressure tactics, leveraging separate emails, will trick users.
Susceptibility to phishing
Employees at all levels of the organization continue to fall prey to cyber criminals. Technical solutions, organizational training, and sustainable information security policies only work for the employees who invest the time and determination to support these strategies. Enterprise-grade email security works only if the users understand their critical role in protecting the organization.
Threat actors continue to leverage social engineering to find the perfect target for their email scams. Whale phishing, clone phishing, and credential phishing are still part of a dynamic threat landscape, and users will still be in a rush and click before they read, setting off the attack chain.
What steps can users and organizations take to stop double barrel phishing?
Stopping phishing messages requires more than just technology. SecOps teams and corporate users must exercise good cybersecurity governance to prevent successful phishing attacks. Hackers keep using a variety of phishing attempts because a user will accidentally click on malicious links buried inside email messages.
“Hey, Steve again. Have you uploaded your banking information yet for direct deposit? Not to worry, send your form to me, and I will take care of it.”
Here are some ways users can help protect their organization from double-barrel attacks:
- Complete all security awareness training and practice what you learn.
- Before you click on any link inside of your email, hover your mouse over the URL. Look for misspelled words. Ensure the link goes to a website that matches the sender’s email address.
- Check the email from “Steve.” Make sure Steve’s email is coming from the corporate email domain. Also, look up Steve in the company directory to see if this is an actual employee.
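The sender and link checks in the list above, combined with the calm-then-urgent pattern of a double-barrel thread, can be automated. The sketch below is an added example, not code from Trustifi or the original article; the corporate domain `example.com`, the urgency phrase list, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions: example.com is the corporate domain; the phrase list is illustrative.
CORPORATE_DOMAIN = "example.com"
URGENCY = re.compile(r"\b(now|urgent|immediately|before i head out|haven.t)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+")

def domain_matches(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def sender_of(raw):
    # Lower-cased address taken from the From header of a raw message.
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()

def check_message(raw, corporate_domain=CORPORATE_DOMAIN):
    """Findings for one single-part, plain-text RFC 5322 message."""
    body = message_from_string(raw).get_payload()
    sender_domain = sender_of(raw).rpartition("@")[2]
    findings = []
    if not domain_matches(sender_domain, corporate_domain):
        findings.append("sender-not-corporate:" + sender_domain)
    for url in URL.findall(body):
        if not domain_matches(urlparse(url).hostname, sender_domain):
            findings.append("link-host-mismatch:" + url)
    if URGENCY.search(body):
        findings.append("urgent-tone")
    return findings

def is_double_barrel(raw_messages, corporate_domain=CORPORATE_DOMAIN):
    """True when a sender's calm email is followed by an urgent one failing a domain check."""
    calm_senders = set()
    for raw in raw_messages:
        findings = check_message(raw, corporate_domain)
        if "urgent-tone" not in findings:
            calm_senders.add(sender_of(raw))
        elif sender_of(raw) in calm_senders and len(findings) > 1:
            return True
    return False

# Constructed sample thread modelled on the "Steve from IT" emails above.
FIRST = ("From: Steve <steve@examp1e-it.test>\nSubject: Welcome\n\n"
         "Welcome aboard; I am Steve from IT. Please reset your password.\n")
SECOND = ("From: Steve <steve@examp1e-it.test>\nSubject: Re: Welcome\n\n"
          "Hey, Steve again. I notice you haven't changed your password. "
          "Click here: https://idm.login-portal.test/reset\n")
print(check_message(SECOND), is_double_barrel([FIRST, SECOND]))
```

The first message alone only trips the sender-domain check; the thread-level verdict comes from the second message adding urgency and a link whose host does not match the sender.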
Phishing protection starts with enabling email security capabilities proven to stop all forms of phishing attacks. The solution must be a unified platform supporting inbound email and outbound data loss prevention (DLP). Part of the strategy for double-barrel attacks is to encourage users to send attachments in the 2nd reply.
Trustifi’s relay-based security uses sophisticated anomaly detection techniques like natural language understanding (NLU) and natural language processing (NLP). It is specifically designed to address BEC by leveraging AI-powered features that identify these challenging new ongoing conversation phishing attacks, which standard security email gateways can’t detect.
Trustifi Unified Cloud-based email security platform.
Trustifi’s holistic email security service offers several unified capabilities, including one-click compliance for email encryption, data loss prevention, inbound and outbound phishing and malware protection, and a security-as-a-service offering.
- The Trustifi Inbound Shield™ is cloud-based, easy to install, and doesn’t require any architecture changes. You get peace of mind that your emails are protected, without any complex setup or concerns about missing email messages. Plus, it deploys in minutes, not days.
- The Trustifi Outbound Shield automatically scans and encrypts outgoing email messages according to administrators’ policies, so any emails that contain sensitive information are automatically secured.
- The Trustifi One-click for compliance for encryption. With the One-Click Compliance tool, administrators can easily set the platform to screen emails to ensure they automatically comply with more than ten regulatory compliance guidelines.
- The Trustifi Data Loss Prevention. The system automatically scans outgoing emails and applies the rules set by your administrator, then finds the keywords and automatically encrypts and locks the relevant outgoing emails without any input from the user.
As a global cybersecurity provider of both inbound and outbound email protection, Trustifi currently supports customers from countries including the USA, Canada, Brazil, the Dominican Republic, the UK, the Netherlands, India, the UAE, China, Japan, Cyprus, the Philippines, and more. The company has also developed “One-Click Compliance” capabilities that cater to world security regulations, including PDPO for Hong Kong, POPI for South Africa, GDPR for Europe, and LGPD for Brazil.